forked from google/certificate-transparency
Auditing for TLS certificates.
alex-google/certificate-transparency
1. To build the log server, you need OpenSSL >= 1.0.0. To get all functionality, in particular, checking of SCTs included in the RFC 6962 TLS extension, you need OpenSSL >= 1.0.2 (which currently means hand building a version from the OpenSSL git repository, https://www.openssl.org/source/repos.html. The branch for 1.0.2 is OpenSSL_1_0_2-stable).

To find out your system version of OpenSSL:

  $ openssl version

If the system version of OpenSSL is appropriate, you can skip this step. Otherwise you have to make a local version. To build a local version on Linux, download and unpack the OpenSSL source (http://www.openssl.org/source/) and, in the openssl directory, run

  $ ./config shared
  $ make

2. You also need googletest, which you can get from here: http://code.google.com/p/googletest/downloads/list. You also need to install cmake, to build gtest: http://www.cmake.org/

Unpack googletest, but don't build it yet. Upstream recommends building a new copy from source for each package to be tested. We follow this advice in our Makefile, which builds gtest automatically. Some systems make the gtest sources available as a package; on Debian this is in the libgtest-dev package and GTESTDIR = /usr/src/gtest. Our Makefile looks at this location by default.
(Tested with gtest-1.6.0)

3. You will also need protobuf, from: http://code.google.com/p/protobuf/downloads/list.
(Tested with protobuf-2.4.1)
Download, unpack, and follow the instructions to build and install.

4. You will also need gflags and glog, from: http://code.google.com/p/gflags/ and http://code.google.com/p/google-glog/
(Tested with gflags-1.6, gflags-2.0 and glog 0.3.1 and 0.3.2)
Download, unpack, and follow the instructions to build and install. Be sure to install gflags before building and installing glog to avoid link errors later on.

5. And you will need a copy of sqlite3 installed on your system.

5a. And the cURL library (http://curl.haxx.se/). There are Debian packages for this library (libcurl4-openssl-dev), but you might need to build from source in order to link correctly with a locally built OpenSSL.
(Tested with curl-7.36.0)

5b. And the JSON-C library, v0.11. (https://github.com/json-c/json-c/wiki - tarball is https://github.com/json-c/json-c/archive/json-c-0.11-20130402.tar.gz).

NOTE: json-c v0.11 will install 'libjson.so' in /usr/local/lib, which may interfere with the system version of libjson. If your system has libjson below 0.10, it is recommended to install the new libjson version somewhere else, then specify this location via the JSONCLIBDIR environment variable.

NOTE 2: JSON-C v0.10 would work as well, except the json_object_iterator.h header is not properly copied when installing. Copy the header manually or modify Makefile.am and add it to the libjsoninclude_HEADERS section.

5c. And if you want to use client/upload_server_cert.sh you may need the python modules pyasn1 and pyasn1-modules, which can be installed with easy_install or pip. On Debian, this dependency can be satisfied by installing the 'python-pyasn1' package directly.

5d. Also, cpp-netlib v0.10.1, available from http://cpp-netlib.org/. cpp-netlib is built using 'cmake . && make' and requires the following Boost packages:

  libboost-test-dev
  libboost-system-dev
  libboost-regex-dev
  libboost-date-time-dev
  libboost-thread-dev
  libboost-filesystem-dev
  libboost-program-options-dev
  libboost-chrono-dev

Note you may need libboost-dev >= 1.48 to meet these dependencies. cpp-netlib cannot be installed using 'make install': use CPPNETLIBDIR to point to the local build (see below).

6. Then, you can build the log server by pointing to your custom OpenSSL and/or gtest (if needed):

  $ make OPENSSLDIR=<path to openssl> GTESTDIR=<path to gtest> CPPNETLIBDIR=<path to cpp-netlib>

Once more, use gmake on BSD systems.

7. Finally, run unit tests:

  $ make OPENSSLDIR=<path to openssl> GTESTDIR=<path to gtest> test

If the build still fails because of missing libraries, you may need to set the environment variable LD_LIBRARY_PATH. On Linux, if you did not change the default installation path (such as "/usr/local/lib"), running

  $ ldconfig

or, if needed,

  $ sudo ldconfig

should resolve the problem.

-----END-TO-END TESTS-----

8. For end-to-end server-client tests, you will need to install Apache and point the tests to it. See test/README for how to do so.

-----TESTING AND LOGGING OPTIONS-----

Note that several tests write files on disk. The default directory for storing temporary testdata is /tmp. You can change this by setting TMPDIR=<tmpdir> for make.

End-to-end tests also create temporary certificate and server files in test/tmp. All these files are cleaned up after a successful test run.

For logging options, see http://google-glog.googlecode.com/svn/trunk/doc/glog.html

By default, unit tests log to stderr, and log only messages with a FATAL level (i.e., those that result in abnormal program termination). You can override the defaults with command-line flags.

End-to-end tests log everything at INFO level and above.

----PYTHON NOTES---

need dnspython (http://www.dnspython.org/). FreeBSD port is dns/py-dnspython.
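
A preflight check for the two OpenSSL thresholds in step 1, added here as an example (it is not part of this repository). The function names and the result labels (full, build-only, too-old, unknown) are assumptions made for this example, and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner against the README's
# thresholds (>= 1.0.0 to build, >= 1.0.2 for SCT TLS-extension checking).

# ver_ge A B: succeed if dotted version A (x.y.z) is >= B.
ver_ge() {
    a=$1 b=$2
    for idx in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$idx")
        y=$(printf '%s' "$b" | cut -d. -f"$idx")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# classify_openssl "<banner>" prints one of:
#   full        >= 1.0.2, SCT TLS extension checking available
#   build-only  >= 1.0.0 but < 1.0.2, log server builds without that check
#   too-old     < 1.0.0
#   unknown     banner is not an OpenSSL one (for example a fork)
classify_openssl() {
    banner=$1
    case $banner in
        "OpenSSL "*) ;;
        *) echo unknown; return 0 ;;
    esac
    # Field 2 looks like 1.0.1e or 1.0.2-beta3; keep only the numeric x.y.z
    # prefix, so a 1.0.2 pre-release (the stable branch) counts as 1.0.2.
    ver=$(printf '%s\n' "$banner" | awk '{print $2}' |
          sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    if ver_ge "$ver" 1.0.2; then echo full
    elif ver_ge "$ver" 1.0.0; then echo build-only
    else echo too-old
    fi
}

# Constructed sample banners (not captured from real hosts).
for sample in "OpenSSL 0.9.8zh 3 Dec 2015" "OpenSSL 1.0.1e 11 Feb 2013" \
              "OpenSSL 1.0.2-beta3 25 Sep 2014" "LibreSSL 2.8.3"; do
    printf '%-34s -> %s\n' "$sample" "$(classify_openssl "$sample")"
done
```

On a real host, call classify_openssl "$(openssl version)". If you build with OPENSSLDIR, run the openssl binary from that build, since the one on PATH may not be the library the log server links against.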