On Fri, Oct 30, 1998 at 09:58:57AM +0100, Ralf S. Engelschall wrote:
> On Thu, Oct 29, 1998, Jake Buchholz wrote:
> > You need to buy the BSAFE development libraries (although 4.0 exists,
> > only 3.0 is available for linux, but this is sufficient, since 4.0 seems
> > to only add stuff that doesn't apply to SSL), for $295 (w/o tech support).
> >
> > Depending on your situation, RSA's licensing of BSAFE differs. One of the
> > options is to pay a one-time licensing fee for a per-user license, and
> > there's also some kind of an annual licensing fee structure (but it didn't
> > apply to my situation so I ignored that bit). A one-time 100-user license
> > is $3000, 250-user is $4000, 500-user is $6000, 1000-user is $9000--and it
> > goes on from there. (Prices, subject to change, of course...)
>
> So the minimum you have to pay is $295+$3000 for a 100-user
> Apache+mod_ssl based webserver, right?
If you're an ISP and want to have up to 100 virtual hosted secure servers,
yes--I'm not sure what the price would be if you just wanted to run your own
secure server without any virtual hosted customers; I'm assuming that a
different licensing plan and price may apply. Also, the license (from what
I've been told) doesn't apply to just one server. For instance, if you've
got 10 servers, and 10 secure virtual host customers on each, you'd be
covered by a 100-user license.
> > Then you need to integrate the BSAFE 3.0 libraries with SSLeay, similar to
> > (but not the same as) how rsaref was compiled in. You'll also need to
> > link things differently when you compile your Apache+mod_ssl/ApacheSSL.
>
> Oh, that's interesting. Can you give me details so I can add BSAFE support to
> the INSTALL file and the libssl.module script (different -l, -L options,
> etc.)? What I at least need to know is:
> 1. Is BSAFE API compatible to RSAref?
> (when yes this mean SSLeay's RSAglue works, when not what
> else have to be used as the glue code)
Similar? Yes. Drop-in compatible? Alas, no. Key defines are different,
functions seem to be slightly different parameter-wise, and there's extra
memory-manipulation code that it wants (analogues to memcpy, malloc, etc.
that do extra checking.) Linking BSAFE to SSLeay requires "bsafeglue".
> 2. What is the filesystem layout of the BSAFE dev libs package, i.e. where is
> the libxxx.a (for -L) and include files (for -I) and how are they named
> (xxx=bsafe for -l?, bsafe.h?)
I've got my BSAFE libraries in /usr/local/lib/bsafe, includes in
/usr/local/include/bsafe (only really needed for SSLeay). I added
'-L/usr/local/lib/bsafe' to the end of LDFLAGS1 and
'-lssl -lcrypto -lbsafeglue -lbsafe -ltstdlib' to the end of LIBS1.
> Can you give us some details?
I'd love to pass along more information (It'd make things easier for me
to recompile each time a new version of SSLeay, Apache, or mod_ssl came
out ;) but I'm not sure to what extent I'm allowed to help. (Seeing as
how I'm in the states, yadda yadda...)
Also, I was lucky enough to have found someone who had successfully linked
SSLeay with BSAFE's RSA and RC4 routines--and that's the _real_ trick--so
I'd need to ask his permission for any sharing along those lines.
--
Jake Buchholz http://www.execpc.com/~jake
ExecPC Senior Systems Administrator [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
