mirror of
https://github.com/obgm/libcoap.git
synced 2025-10-14 02:19:34 +08:00
90 lines
2.9 KiB
Plaintext
90 lines
2.9 KiB
Plaintext
############################################################################
|
|
#
|
|
# SoftHSMv2 dual versions
|
|
#
|
|
# Works with CentOS 7
|
|
#
|
|
# The opensc package needs to be installed.
|
|
#
|
|
############################################################################
|
|
#
|
|
# Install a software HSM module for doing the PKCS11 testing of libcoap.
|
|
# Real hardware can be used if you have the appropriate library module.
|
|
#
|
|
# It is assumed that the opensc package is installed.
|
|
#
|
|
# When installing SoftHSMv2 from your system's package manager, check that the
|
|
# OpenSSL version is at least 1.1.0. If not, then you will need to dual
|
|
# install SoftHSMv2 as below; otherwise you can use the existing SoftHSMv2.
|
|
#
|
|
# SoftHSMv2 is built using OpenSSL, but GnuTLS can use the PKCS11 interface.
|
|
# Note that if the default OpenSSL version is less than 1.1.0, you will need
|
|
# to install a dual stack version of OpenSSL as per HOWTO.dual.openssl.
|
|
#
|
|
# Creates module /usr/local/lib/softhsm/libsofthsm2.so
|
|
#
|
|
|
|
# Add line below to /etc/security/limits.conf to support memory locking
|
|
|
|
* - memlock unlimited
|
|
|
|
# Get the latest SoftHSM
|
|
git clone https://github.com/opendnssec/SoftHSMv2.git
|
|
|
|
# Build code
|
|
cd SoftHSMv2/
|
|
sh autogen.sh
|
|
PKG_CONFIG_PATH=/opt/openssl/lib/pkgconfig ./configure --enable-silent-rules \
|
|
--with-crypto-backend=openssl --disable-gost LDFLAGS=-L/opt/openssl/lib \
|
|
CPPFLAGS=-I/opt/openssl/include --with-openssl=/opt/openssl
|
|
make
|
|
# You may need to comment out constexpr lines (fixes for gcc10) in
|
|
# src/lib/crypto/PublicKey.h src/lib/crypto/PrivateKey.h if you get
|
|
# compile errors.
|
|
sudo make install
|
|
cd ..
|
|
|
|
# Make sure p11-kit softhsm modules have the correct module: fully qualified
|
|
# path where the entry is of the form (in particular for GnuTLS) :-
|
|
# /usr/share/p11-kit/modules/softhsm*
|
|
#
|
|
# module: /usr/local/lib/softhsm/libsofthsm2.so
|
|
|
|
# The user you are running this as needs to be in the group defined for
|
|
# /var/lib/softhsm/tokens/. E.g.
|
|
# $ sudo ls -ld /var/lib/softhsm/tokens/
|
|
# drwxrws--- 3 root softhsm 4096 May 3 09:52 /var/lib/softhsm/tokens/
|
|
# which is softhsm in this case (It could be ods). To verify if you are in
|
|
# the correct group
|
|
# $ id
|
|
# To add user to this group
|
|
# $ sudo usermod -a -G softhsm <user>
|
|
# and log out and back in again.
|
|
#
|
|
|
|
############################################################################
|
|
#
|
|
# libp11 (needed for OpenSSL as it provides the PKCS11 engine)
|
|
#
|
|
############################################################################
|
|
#
|
|
# Install a pkcs11 library for OpenSSL to use as an engine.
|
|
# [GnuTLS has this built in]
|
|
#
|
|
|
|
# Get the latest libp11
|
|
git clone https://github.com/OpenSC/libp11.git
|
|
|
|
# Build code
|
|
cd libp11
|
|
./bootstrap
|
|
PKG_CONFIG_PATH=/opt/openssl/lib/pkgconfig ./configure \
|
|
--with-pkcs11-module=/usr/local/lib/softhsm/libsofthsm2.so
|
|
make
|
|
sudo make install
|
|
cd ..
|
|
|
|
# Verify that pkcs11 is available
|
|
|
|
/opt/openssl/bin/openssl engine pkcs11 -t
|