Loading ...
Posted by jad on Apr 17th, 2007
This issue keeps coming back to bite me so I thought a blog was in order.
Perl is shipped as part of Solaris 10. It is part of the core install and so it may not be a good idea to remove it and use our own version. However, like the rest of solaris it is built with the sun compiler which doesn’t ship as part of Solaris. This means that if you wish to build a new perl module the perl Makefile.PL step will try to use the sun compiler and options. This will not work. Instead you need to do perlgcc Makefile.PL. This will correctly use gcc. This issue will also bite you if you try doing anything with Inline::C.
You can find out more about perlgcc
The path to perlgcc is /usr/perl5/5.8.4/bin/perlgcc
Loading ...
Posted by jad on Apr 13th, 2007
I just spent a frustrating hour trying to get the Crypt::OpenSSL::RSA perl module running on Solaris 10. I kept getting errors like
Note (probably harmless): No library found for -lssl
Note (probably harmless): No library found for -lcrypto
when running perlgcc Makefile.PL. Eventually I realized that you need to hack Makefile.PL and change the LIBS and INC lines so that they contain the paths to the openssl headers and libraries. What is more the order of the LIBS arguments is very important. the -L must come before -lssl -lcrypto. Like this:
'LIBS' => ['-L/opt/openssl-0.9.8d/lib -lssl -lcrypto'],
'INC' => '-I/opt/openssl-0.9.8d/include',
If anyone knows how to tell cpan to prepend the LIBS then please comment and let me know.
Loading ...
Posted by jad on Apr 12th, 2007
OpenSSL provides a set of engine functions to allow you to access cryptographic modules. I have used these before to access a Sun SCA6000 via pkcs11. In those examples I always assumed the necessary configuration settings were in the openssl config file. However some settings would be better set on the fly. For example, you wouldn’t want the password required to access the keystore to be kept on disk in the config file.
To pass the password (pin) to an engine you can do something like this
/* Send PIN to engine */
if(!ENGINE_ctrl_cmd_string(e, "PIN", "nominet1:abc123", 0)){
printf("Error sending PIN to engine");
ENGINE_free(e);
return;
}
Thanks to Stephen Henson for pointing me in the correct direction.
(1 votes, average: 4 out of 5)
(2 votes, average: 4.5 out of 5)