head	1.6;
access;
symbols;
locks
	martin:1.6; strict;
comment	@# @;


1.6
date	98.05.13.07.35.12;	author martin;	state Exp;
branches;
next	1.5;

1.5
date	96.06.13.14.07.38;	author martin;	state Exp;
branches;
next	1.4;

1.4
date	96.05.14.14.50.11;	author martin;	state Exp;
branches;
next	1.3;

1.3
date	96.01.31.15.16.03;	author martin;	state Exp;
branches;
next	1.2;

1.2
date	96.01.31.09.58.17;	author martin;	state Exp;
branches;
next	1.1;

1.1
date	95.12.22.17.09.23;	author martin;	state Exp;
branches;
next	;


desc
@@


1.6
log
@chm
@
text
@This is the SSL-MZ telnet(d) package with encryption support.

It comes from the 4.4BSD-Lite version of telnet and telnetd and is
patched with the SSL-enhancement of Tim Hudson <tjh@@mincom.oz.au>,
which he did to the SRA-telnet sources.

These patches were done by:

Tim Hudson
tjh@@cryptsoft.com
+61 7 32781581

and

Christoph Martin
Christoph.Martin@@Uni-Mainz.DE

(Look at the VERSION file for details of contributors since the initial
release)

Tim Hudson <tjh@@mincom.oz.au> then updated this package to the 
SSLeay-0.5.1 release which introduced API changes and has merged 
the SSLtelnet changes into this package. 

The two versions are now merged and are being jointly maintained.

You can do whatever you like with these patches except pretend that
you wrote them.

The original location of this package is
ftp://ftp.uni-mainz.de/pub/internet/security/ssl/SSL-MZapps

It is also always available at the standard SSL Application location
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLapps/

This package uses the SSL-implementation which can be found in
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.5.1.tar.gz

The SSLeay FAQ (which includes pointers to the porting documentation 
and references to the other SSL-based applications) can be found at 
http://www.psy.uq.oz.au/~ftp/Crypto
  
SSL-MZtelnet has been tested on Aix, HPUX, Linux, SCO, Ultrix, 
DEC Unix, Irix and Solaris with gcc.

See PLATFORMS for a more detailed list of what has been tested.

The package uses GNU configure to find out about the system properties.

First you should install SSLeay[0.5.x] (and SOCKS if you are using it 
as part of your firewall setup).
  
For configuring telnet and telnetd type:

	configure

You can use --with-ssl to enable the SSL featues and --with-socks to
include SOCKS support.

--enable-warnings adds -Wall to CFLAGS if using GCC.

To build telnet and telnetd type:

	make

Test telnet like this:
	telnet -z ssl www.netscape.com https
then type
	GET / HTTP/1.0 <RETURN><RETURN>
and you should get back the HTML for the Netscape home page

For installing put the path of telnetd in /etc/inetd.conf and send a
kill -HUP to inetd. (On SCO this is not working :( ). Then you have to
install at least the self-signed certificates

I assume that the following exist:

/usr/local/ssl/bin         (all the SSLeay utilites)
/usr/local/ssl/lib         (libcrypto.a and libssl.a)
/usr/local/ssl/include     (required SSLeay header files)

/usr/local/ssl/certs       PUBLIC keys
/usr/local/ssl/private     PRIVATE keys

For telnetd you can operate using a self-signed certificate (this is the
easiest way of driving SSL as a "simple" stream encryption
library). To generate the required file you can either use
"make certificate" or do the following:

PATH=$PATH:/usr/local/ssl/bin

# SSLeay 0.5.0b+ (21-Dec-95) supports a quick mechanism for generating
#                            "dummy" certificates
cd /usr/local/ssl/certs
req -new -x509 -nodes -out telnetd.pem -keyout telnetd.pem
ln -s telnetd.pem `x509 -noout -hash < telnetd.pem`.0

Then *test* that verify likes the setup

verify /usr/local/ssl/certs/telnetd.pem

SSL bugs should be directed to ssl-bugs@@mincom.oz.au
SSL comments/discussion should be directed to ssl-users@@mincom.oz.au

If you email ssl-users-request@@mincom.oz.au you will be emailed 
instructions on how to interact with the majordomo varient that 
is managing this list.

Have a look at the README.apps files for the documentation that 
Tim Hudson <tjh@@mincom.oz.au> put together for the original SSLtelnet
on which these patches are based.

@


1.5
log
@*** empty log message ***
@
text
@d10 2
a11 2
tjh@@mincom.oz.au
tjh@@mincom.com
a67 1
(if https is unknown then use 443 :-)
d69 1
a69 1
	GET /
@


1.4
log
@*** empty log message ***
@
text
@d9 6
d18 3
d80 1
a80 1
/usr/local/ssl/lib         (libcrypto.a, libssl.a)
@


1.3
log
@update to SSLeay-0.5.1 (tjh)
@
text
@d16 1
a16 2
The two versions will be fully merged shortly and then be
jointly maintained.
d24 3
d30 2
a31 1
The SSLeay FAQ can be found at 
d33 3
d37 1
a37 6
SSL-MZtelnet has been tested it for Aix, HPUX, Linux, SCO, Ultrix, 
DEC Unix, Irix and Solaris with gcc. 
(See PLATFORMS for a more detailed list of what has been tested)

The package now uses GNU configure to find out about the system 
properties.
d39 1
a39 2
At first you should have installed SSLeay (and SOCKS if you are using
it as part of your firewall setup).
d41 3
d78 1
a78 1
simpliest way of driving SSL as a "simple" stream encryption
@


1.2
log
@*** empty log message ***
@
text
@d1 1
a1 1
This is the SSL-MZ telnet(d) package with encrypting support.
d12 7
d26 4
a29 1
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.4.5d.tar.gz
d31 3
a33 3
I tested it for Aix, HPUX, Linux, SCO, Ultrix, DEC Unix, Irix and
Solaris with gcc. The package now uses GNU configure to find out about
the system properties.
d35 5
a39 1
At first you should have installed SSLeay (and socks).
d45 2
a46 2
You can use --with-ssl to enable the ssl featues and --with-socks to
include socks support.
d67 3
a69 3
/usr/local/ssl/bin         (all the SSL utilites)
/usr/local/ssl/lib         (libcrypto.a, libdes.a and libssl.a)
/usr/local/ssl/include     (required SSL and DES header files)
d74 1
a74 1
For telnetd I have worked using a self-signed certificate (this is the
d76 2
a77 8
library). To generate the required files do the following:

Note: - you need to be running sh or ksh for the makecert step as it
      requires you to redirect stderr separate from stdout which csh 
      doesn't do.
      - makecert will ask you some questions ... put whatever you feel
      in here at this step

d81 2
a82 15
genrsa     > telnetd.key
makecert 2> telnetd.text
x509 -inform TEXT -in telnetd.text -signkey telnetd.key \
     -CAform TEXT -CA telnetd.text -CAkey telnetd.key -CAcreateserial \
     > telnetd.cert
cp telnetd.cert /usr/local/ssl/certs
chmod 644 /usr/local/ssl/certs/telnetd.cert
cp telnetd.key /usr/local/ssl/private
chmod 600 /usr/local/ssl/private/telnetd.key


You should also find out the hash of each of these keys and make a 
symlink in the certs directory to each of these files so verify 
can find them

d84 2
a85 1
ln -s telnetd.cert `x509 -noout -hash < telnetd.cert`.0
d89 1
a89 2
verify /usr/local/ssl/certs/telnetd.cert

d97 4
@


1.1
log
@Initial revision
@
text
@d21 3
a23 3
I tested it for Aix, HPUX, Linux, SCO and Solaris with gcc. Other OS's
will follow.  The package now uses GNU configure to find out about the
system properties.
d26 1
@
