I am new to SSL programming: currently trying to "play" with it... :-)
I'm having some problems with compiling the sample client-server source code given on the Mozilla/NSS official site.
I went through the code but found that it has been written using the NSPR source files. I had both, the NSS+NSPR source package as well as the binaries of the same. To make the things "idiot-proof", I put all the .C/.CPP/.hs in a single large include folder and then including it. I also included the libs, dlls & chks contained in the lib folder of the NSS binaries package. I finally ended up with some 40+ linker errors in the both, client_test.obj & server_test.obj & sslsamples.obj files. This makes me suspect that I've not/erroneously included some of the files necessary for compilation...
Could you please tell me which files are required for the proper compilation of the project?
Also, if you could tell me which files are required to be included for developing SSl applications(since before initializing NSS, NSPR has to be iniatilized..), I'll be extremely glad.
Another thing which I wanted to enquire was that some of the files were .C while others were .CPP so what should I compile the source as: as C code or as CPP code?
> I am new to SSL programming: currently trying to "play" with it... :-)
> I'm having some problems with compiling the sample client-server > source code given on the Mozilla/NSS official site.
> I went through the code but found that it has been written using the > NSPR source files. I had both, the NSS+NSPR source package as well as > the binaries of the same. To make the things "idiot-proof", I put all > the .C/.CPP/.hs in a single large include folder and then including > it. I also included the libs, dlls & chks contained in the lib folder > of the NSS binaries package. I finally ended up with some 40+ linker > errors in the both, client_test.obj & server_test.obj & sslsamples.obj > files. This makes me suspect that I've not/erroneously included some > of the files necessary for compilation...
> Could you please tell me which files are required for the proper > compilation of the project?
> Also, if you could tell me which files are required to be included for > developing SSl applications(since before initializing NSS, NSPR has to > be iniatilized..), I'll be extremely glad.
> Another thing which I wanted to enquire was that some of the files > were .C while others were .CPP so what should I compile the source as: > as C code or as CPP code?
So install MozillaBuild and run the start-msvc8.bat batch file. It'll start up a command shell running "bash". In bash, the command to set an environment variable "FOO" to 1 is
They were built using VC++ 6.0, but should work with VC++ 2005.
Even if you don't use the binary distributions, they still provide a piece of useful information -- they only include the headers and libraries that you need to develop an SSL app with NSS/NSPR. You can also get this info from the build tree.
NSPR headers you need are in mozilla/dist/WIN954.0_OPT.OBJ/include, except all the headers in mozilla/dist/WIN954.0_OPT.OBJ/include/md and the header mozilla/dist/WIN954.0_OPT.OBJ/include/private/primpl.h.
NSS headers you need are in mozilla/dist/public/nss
First off, thanks for posting all that info Wan-Teh. I look forward to being able to build NSS/NSPR on windows.
I downloaded MozillaBuildSetup-1.1.exe and the disc images for Visual C++ 2005 Express Edition and the Windows Platform SDK, *then* I scrolled up and saw the compatibility chart. The chart doesn't mention NSS versions so will I be able to compile NSS 3.11 using VC8 or do I need an older version?
e.kabarie wrote: > Could you please tell me which files are required for the proper > compilation of the project?
I gather you're trying to build the code as an MSVC "project", rather than using the makefiles that come with NSPR. We don't support that.
Once built, the NSPR headers and shared libraries can be used in other MSVC projects, but I advise against trying to build NSPR itself as an MSVC project.
> Another thing which I wanted to enquire was that some of the files > were .C while others were .CPP so what should I compile the source as: > as C code or as CPP code?
There are "dead" source files in NSS and NSPR, files that don't actually get built. When I build NSPR on windows, no .cpp files get built, so I gather they're dead.
> First off, thanks for posting all that info Wan-Teh. I look forward to > being able to build NSS/NSPR on windows.
> I downloaded MozillaBuildSetup-1.1.exe and the disc images for Visual > C++ 2005 Express Edition and the Windows Platform SDK, *then* I scrolled > up and saw the compatibility chart. The chart doesn't mention NSS > versions so will I be able to compile NSS 3.11 using VC8 or do I need an > older version?
NSS builds with MSVC 5, 6, 7, 8, and "Express 2005" (which is a subset of MSVC 8). If you use MSVC8 or Express 2005, I strongly recommend that you get and use Service Pack 1 for it. (Other service packs are recommended for the older versions, too. I don't have that information handy just now.)
I can report success using VC8 (Visual C++ 2005 Express Edition), 5.2.3790.2075.51.PlatformSDK_Svr2003R2_rtm.img and MozillaBuildSetup-1.1.exe running on WinXP SP2.
I actually grabbed a build of the netscape wintools first and popped gmake into the bin folder and it started but I hit an error with CL very early on....so this is just a heads up for anyone else out there.
> First off, thanks for posting all that info Wan-Teh. I look forward to > being able to build NSS/NSPR on windows.
> I downloaded MozillaBuildSetup-1.1.exe and the disc images for Visual > C++ 2005 Express Edition and the Windows Platform SDK, *then* I scrolled > up and saw the compatibility chart. The chart doesn't mention NSS > versions so will I be able to compile NSS 3.11 using VC8 or do I need an > older version?
That page is a Mozilla (Firefox) build page, which is why the compatibility chart on it doesn't mention NSS. NSS doesn't have C++ code, therefore we're much less sensitive to complier versions.
Regarding gmake vs. make: what we intend to convey is that you need to use GNU make if the system has both the traditional Unix make and GNU make installed. It is better to make gmake a copy or symbolic link of make, because the NSS test scripts assume that the name of GNU make is "gmake". You'll run into this issue if you run the NSS test suite. If you only need to build NSS, you can use 'make' instead of 'gmake' in the build instructions.
David Stutzman wrote: > I can report success using VC8 (Visual C++ 2005 Express Edition), > 5.2.3790.2075.51.PlatformSDK_Svr2003R2_rtm.img and > MozillaBuildSetup-1.1.exe running on WinXP SP2.
> One snag that had me scratching my head was the make command. > Wan-Teh links to > http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.... > which the last step says to run "gmake nss_build_all". gmake is not > present in the environment but using just "make" works fine.
On some systems there are two (or more) separate make programs. The GNU version is named gmake, and some other version is named make.
On other systems, there is only GNU make and it is named make, not gmake. On those systems, I recommend that you create a copy (or link or symlink) of make, named gmake, so that gmake commands will work on those systems, and will just invoke make. This will save you a lot of headache over time.
Now that the client has been compiled, I'm running into problems with passing the hostname to the client.exe. Please tell me the exact format for passing the hostname as whatever hostname I'm passing, it is not being accepted by the client. I want to test the client-server: so how do I pass the hostname?
Also, I found that the dlls which are given in the NSS/NSPR packages are not sufficient: while running the client-server or the other exes given in the NSS/lib folder, it first crashes asking for files such as libplc4.dll, libnspr4.dll and libplds4.dll. I was initially bewildered but then I just pasted renamed copies of the dlls with similar names(such as I naming nspr4.dll to libnspr.dll) along with the original ones and the applications executed seamlessly... Can anyone explain the reason for this?
On 10/20/07, D3||||!$ <e.kaba...@gmail.com> wrote:
> Now that the client has been compiled, I'm running into problems with > passing the hostname to the client.exe. Please tell me the exact > format for passing the hostname as whatever hostname I'm passing, it > is not being accepted by the client. I want to test the client-server: > so how do I pass the hostname?
you should pass the host name as the last command-line argument. The hostname can be either a DNS name or an IP address. But you also need to specify the port number using the -p option, e.g., -p 443 or -p 8443. Otherwise you'll get the usage message.
By the way, you should use selfserv as the sample server and tstclnt or strsclnt as the sample client because the code in SSLsample is a little out of date.
> Also, I found that the dlls which are given in the NSS/NSPR packages > are not sufficient: while running the client-server or the other exes > given in the NSS/lib folder, it first crashes asking for files such as > libplc4.dll, libnspr4.dll and libplds4.dll. I was initially bewildered > but then I just pasted renamed copies of the dlls with similar > names(such as I naming nspr4.dll to libnspr.dll) along with the > original ones and the applications executed seamlessly... Can anyone > explain the reason for this?
This means you built NSS without setting the environment variable OS_TARGET to WIN95. If you use the MozillaBuild command shell (which is "bash"), use this command:
export OS_TARGET=WIN95
You only need to set this environment when building NSS and NSPR. When you build your own application, you don't need to set this environment variable.
Thanks for the help you rendered: the tstclnt.exe is taking the hostname input just fine...
But now I have problems with server authentication: I tried many hit-&- trial approaches to obtain a successful connection but for one reason or the other, the client is not recognising the issuer CA(self-signed and added to the client DB with certutil -t "CTU, CTU, CTU") as trusted.
I created three DB directories: one for each, the client, the server & the CA. The DBs, keys, and the certificates requests as well as the finished certificates of each one was put into its respective directory. Also, when I created the Self-signed CA certificate using the -S argument with certutil.exe, it got added to the DB fine but was not visible in its directory due to which I could not add it to the client & the server databases. I fixed this problem by creating a secondary CA cert from the Self signed "root" cert and adding it to both the other databases...But again it could not recognize the CA cert... :-((
Then I generated all the certs in a common directory. Again, no success...
Kindly help.
Also please tell the importance of the -1234567 arguments in the certutil tool.
Can I somehow add the root CA cert in the client-server DBs without having to create the secondary CA cert??
