Forum Discussion

Altera_Forum
19 years ago

boa SSL connection problem

I compiled openssl 0.9.7 and enabled SSL in boa.

The webserver started, but when I try to connect I get the following error:

SSL_R_SSL_SESSION_ID_CALLBACK_FAILED

Does anybody know what is wrong and how to fix it?

I made a self signed certificate.

6 Replies

  • Altera_Forum

    That makes sense. Any sort of SSL app (perhaps other crypto apps, as well) needs to have "random entropy" in order to operate. In the not-so-distant past, Solaris didn't offer a "randomness generator", so openssl's solution was to force the user to enter random keystrokes.... In other words, be thankful that Linux (or uCLinux) doesn't require this :-)

    Cheers, and Thanks for the SSLed BOA!

    - slacker
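    The entropy point above is what the thread's fix comes down to: a uClinux rootfs built without /dev/urandom leaves OpenSSL nothing to seed from. The following audit script is an added example, not code from the thread or from boa; it checks a rootfs tree (the path is an assumed argument, defaulting to /) for the two RNG device nodes and reports the mknod needed for any that are missing. The major/minor numbers are the standard Linux ones (1,8 for random and 1,9 for urandom).

    ```shell
    #!/bin/sh
    # Audit an embedded rootfs for the character devices OpenSSL seeds its PRNG from.
    # A rootfs without /dev/urandom is what produced SSL_R_SSL_SESSION_ID_CALLBACK_FAILED
    # in this thread; this check reports the missing node and the mknod that adds it.
    # Usage: check_rng_devices /path/to/rootfs   (rootfs path is an assumption; defaults to /)
    check_rng_devices() {
        rootfs="${1:-/}"
        rootfs="${rootfs%/}"        # "/" becomes "" so paths print as /dev/...
        status=0
        # name major minor read-test   (Linux: random=1,8  urandom=1,9)
        for spec in "random 1 8 skip" "urandom 1 9 read"; do
            set -- $spec
            node="$rootfs/dev/$1"
            if [ ! -c "$node" ]; then
                echo "MISSING: $node  (fix: mknod $node c $2 $3)"
                status=1
                continue
            fi
            # Only /dev/urandom is read back: it never blocks, while /dev/random may
            # block on an older kernel with an empty entropy pool. A node that exists
            # but yields no bytes was created with the wrong major/minor numbers.
            if [ "$4" = "read" ]; then
                got=$(dd if="$node" bs=16 count=1 2>/dev/null | wc -c | tr -d ' ')
                if [ "$got" -ne 16 ]; then
                    echo "BROKEN: $node returned $got of 16 bytes"
                    status=1
                    continue
                fi
            fi
            echo "OK: $node"
        done
        return $status
    }

    # Stand-alone use: audit the rootfs named on the command line.
    if [ $# -gt 0 ]; then
        check_rng_devices "$1"
    fi
    ```

    Run it against the staging directory of the rootfs before building the image; a non-zero exit means SSL in boa will fail in the same way the original poster saw.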
  • Altera_Forum

    --- Quote Start ---

    Originally posted by nacide @ May 31 2006, 08:37 AM

    In the meantime I could solve the problem myself. It was due to the device /dev/urandom missing.

    Creating the device in the rootfs solved the problem and SSL works now.

    Get the boa webserver with auth and SSL working from

    my webpage (http://www.8ung.at/nacide_manfred/linuxtutorial.html#boawebserver)

    --- Quote End ---

    Hi, nacide.

    Could you tell me something more about how to create boa_passwd? What is its format? How do I get the crypt password?

    My source file is as follows:

    # Boa v0.94 configuration file
    #  File format has changed little from 0.92
    #  version changes are noted in the comments
    #
    #  The Boa configuration file is parsed with a lex/yacc or flex/bison
    #  generated parser.  If it reports an error, the line number will be
    #  provided; it should be easy to spot.  The syntax of each of these
    #  rules is very simple, and they can occur in any order.  Where possible
    #  these directives mimic those of NCSA httpd 1.3; I saw no reason to
    #  introduce gratuitous differences.

    #  The "ServerRoot" is not in this configuration file.  It can be compiled
    #  into the server (see defines.h) or specified on the command line with
    #  the -c option, for example:
    #
    #  boa -c /usr/local/boa

    #  Port: The port Boa runs on.  The default port for http servers is 80.
    #  If it is less than 1024, the server must be started as root.
    Port 80

    #   User: The name or UID the server should run as.
    #  Group: The group name or GID the server should run as.
    User 0
    Group 0

    #  ServerAdmin: The email address where server problems should be sent.
    #  Note: this is not currently used.
    ServerAdmin root@localhost

    #  ErrorLog: The location of the error log file. If this does not start
    #  with /, it is considered relative to the server root.
    #  Set to /dev/null if you don't want errors logged.
    # ErrorLog /dev/null

    #  AccessLog: The location of the access log file. If this does not
    #  start with /, it is considered relative to the server root.
    #  Comment out or set to /dev/null (less effective) to disable
    #  Access logging.
    # AccessLog /log/boa/access_log

    #  RefererLog: The location of the referer log file. If this does not
    #  start with /, it is considered relative to the server root.
    #  Comment out or set to /dev/null (less effective) to disable
    #  referer logging.
    # RefererLog /log/boa/referer_log

    #  AgentLog: The location of the agent log file. If this does not
    #  start with /, it is considered relative to the server root.
    #  Comment out or set to /dev/null (less effective) to disable
    #  User-Agent logging.
    # AgentLog /mnt/jaguar/log/boa/agent_log

    #  VerboseCGILogs: this is just a logical switch.
    #  Comment out to disable.
    # VerboseCGILogs

    #  ServerName: the name of this server that should be sent back to
    #  clients if different than that returned by gethostname -- often
    #  this is www.foo.bar.
    # ServerName www.your.org.here

    #  DocumentRoot: The root directory of the HTML documents.
    # DocumentRoot /var/www
    DocumentRoot /home/httpd

    #  ChRoot: Boa root '/' directory. This is useful to improve security of
    #  your system. Don't forget that ALL DIRECTORIES used by boa except logs
    #  must be in this directory. If you need cgi scripts, you must copy shared
    #  libraries to this directory (see ldconfig(8) for more info)
    ChRoot /home/httpd

    #  UserDir: The name of the directory which is appended onto a user's home
    #  directory if a ~user request is received.
    UserDir public_html

    #  DirectoryIndex: Name of the file to use as a pre-written HTML
    #  directory index.  Please MAKE AND USE THESE FILES.  On the
    #  fly creation of directory indexes can be _slow_.
    #
    DirectoryIndex index.html

    # DirectoryMaker /usr/local/sbin/boa_indexer
    DirectoryMaker /sbin/boa_indexer

    #  LocalCodepage: Local codepage. This is sent to client in 'Content-Type:'
    #  header by default.
    # LocalCodepage iso-8859-1

    #  Codepage: Load codepage conversion table from file. This table will be used
    #  for on-the-fly conversion.
    # Codepage us-ascii /usr/lib/boa/iso-8859-2/us-ascii

    #  CodepageByURL: Specify URL prefix codepage. This command is used for manual
    #  codepage selection. For example, http://www.cz.boa.org/asc/document.html
    #  converts /document.html to us-ascii
    # CodepageByURL    /asc    us-ascii

    #  CodepageByBrowser: Specify codepage by $USER_AGENT. This command is used for
    #  automatic codepage selection. You can use characters '*' and '?' in browser
    #  string. For example, "CodepageByBrowser Lynx/* us-ascii" will send for Lynx
    #  users all documents in us-ascii.
    # CodepageByBrowser Lynx/* us-ascii

    #  KeepAliveMax: Number of KeepAlive requests to allow per connection
    #  Comment out, or set to 0 to disable keepalive processing
    KeepAliveMax 100

    #  KeepAliveTimeout: seconds to wait before keepalive connection times out
    KeepAliveTimeout 10

    #  MimeTypes: This is the file that is used to generate mime type pairs
    #  and Content-Type fields for boa.
    MimeTypes /etc/mime.types

    #  DefaultType: MIME type used if the file extension is unknown, or there
    #  is no file extension.
    DefaultType text/plain

    #  AddType: adds types without editing mime.types
    #  Example: AddType type extension
    #  Uncomment the next line if you want .cgi files to execute from anywhere
    AddType application/x-httpd-cgi cgi
    AddType application/x-httpd-cgi cgi
    AddType application/postscript ps
    AddType application/postscript eps
    AddType application/pgp pgp
    AddType audio/x-aiff aif
    AddType audio/x-aiff aifc
    AddType audio/x-aiff aiff
    AddType text/plain asc
    AddType text/plain txt
    AddType audio/ulaw au
    AddType video/x-msvideo avi
    AddType application/x-bcpio bcpio
    AddType application/octet-stream bin
    AddType application/x-netcdf cdf
    AddType application/x-cpio cpio
    AddType application/x-csh csh
    AddType application/x-dvi dvi
    AddType text/x-setext etx
    AddType application/andrew-inset ez
    AddType image/gif gif
    AddType application/x-gtar gtar
    AddType application/x-gunzip gz
    AddType application/x-hdf hdf
    AddType text/html html
    AddType image/ief ief
    AddType image/jpeg jpe
    AddType image/jpeg jpeg
    AddType image/jpeg jpg
    AddType application/x-latex latex
    AddType application/x-troff-man man
    AddType application/x-troff-me me
    AddType application/x-mif mif
    AddType video/quicktime mov
    AddType video/quicktime qt
    AddType video/x-sgi-movie movie
    AddType video/mpeg mp2
    AddType video/mpeg mpe
    AddType video/mpeg mpeg
    AddType video/mpeg mpg
    AddType application/x-troff-ms ms
    AddType application/x-netcdf nc
    AddType application/oda oda
    AddType image/x-portable-bitmap pbm
    AddType application/pdf pdf
    AddType image/x-portable-graymap pgm
    AddType application/x-chess-pgn pgn
    AddType image/x-portable-anymap pnm
    AddType image/x-portable-pixmap ppm
    AddType application/postscript ps
    AddType image/x-cmu-raster ras
    AddType image/x-rgb rgb
    AddType application/x-troff roff
    AddType application/rtf rtf
    AddType text/richtext rtx
    AddType application/x-sh sh
    AddType application/x-shar shar
    AddType audio/basic snd
    AddType application/x-wais-source src
    AddType application/x-sv4cpio sv4cpio
    AddType application/x-sv4crc sv4crc
    AddType application/x-troff t
    AddType application/x-troff tr
    AddType application/x-tar tar
    AddType application/x-tcl tcl
    AddType application/x-tex tex
    AddType application/x-texinfo texi
    AddType application/x-texinfo texinfo
    AddType image/tiff tif
    AddType image/tiff tiff
    AddType text/tab-separated-values tsv
    AddType application/x-ustar ustar
    AddType audio/x-wav wav
    AddType image/x-xbitmap xbm
    AddType image/x-xpixmap xpm
    AddType image/x-xwindowdump xwd
    AddType application/zip zip

    #  Redirect, Alias, and ScriptAlias all have the same semantics -- they
    #  match the beginning of a request and take appropriate action.  Use
    #  Redirect for other servers, Alias for the same server, and ScriptAlias
    #  to enable directories for script execution.

    #  Redirect allows you to tell clients about documents which used to exist in
    #  your server's namespace, but do not anymore. This allows you to tell the
    #  clients where to look for the relocated document.
    #  Example: Redirect /bar http://elsewhere/feh/bar

    #  Aliases: Aliases one path to another.
    #  Example: Alias /path1/bar /path2/foo
    # Alias /doc /usr/doc

    #  ScriptAlias: Maps a virtual path to a directory for serving scripts
    #  Example: ScriptAlias /htbin/ /www/htbin/

    #  VirtualHost: Maps a virtual host to a directory.
    #  Example: VirtualHost cz.boa.org /html/htdocs/boa/
    # VirtualHost    www.second.company.com /var/www/second_company/

    #  Auth: HTTP Basic authorization. Format is "Auth <Directory> <PasswdFile>".
    #  Password file should be readable _ONLY_ by root or trusted user(s). This file
    #  is opened before boa gives out privs.
    #  Example: Auth /secret /var/www/secret.passwd
    Auth / /etc/boa_passwd

    /etc/boa_passwd is :

    melvin $1$$xnB8I.j83d1doTGExRA.i.

    $1$$xnB8I.j83d1doTGExRA.i. is copied from /etc/passwd, which was created by the passwd command in uClinux.

    Please give me some advice!!!!!!!!
  • Altera_Forum

    Look at the auth.c file for the password format.

    The password needs to be created with the command htpasswd (not passwd), which is the password generator used for apache. I think you need the apache package installed on your development host for the command htpasswd.

    In the boa sources EMBED is the default directive. This is fine for embedded systems, but the password that is accepted is somewhat strange (only 1 user), therefore I changed this in the auth.c file so that EMBED is also compatible with the password generation with htpasswd.

    Read the whole story on my homepage (http://www.8ung.at/nacide_manfred/linuxtutorial.html#boawebserver)
  • Altera_Forum

    Thank you very much!!

    Under microtronix's boa, passwd can pass. Thank you!!

    In NiosII IDE, your boa source can't pass compile.

    I can't understand clearly what you said. Could you explain it? For example:

    Make sure you have the openssl include files copied to
    c:\altera\kits\nios2_51\bin\eclipse\plugins\com.microtronix.nios2linux.uClibc_1.4.0\include

    There is no .h file in the openssl that I downloaded from downloadplace.

    Thank you very much!!!