This is the 4.4BSD-Lite version of telnet and telnetd patched with the
SSL-enhancement of Tim Hudson <tjh@mincom.oz.au>, which he did to the
SRA-telnet sources.

These patches were done by:

Christoph Martin
Christoph.Martin@Uni-Mainz.DE
+49 6131 39 6316

You can do whatever you like with these patches except pretend that
you wrote them.

The original location of this package is
ftp.uni-mainz.de:/pub/internet/security/ssl/SSL-MZapps

This package uses the SSL-implementation which can be found in
ftp.psy.uq.oz.au:/pub/Crypto/SSL/SSLeay-0.4.3a.tar.gz

I tested it on HPUX, Solaris and SCO. Other OS's will follow.  The
package now uses GNU configure to find out about the system
properties.

First, you should have SSLeay (and socks) installed.
To configure telnet and telnetd, type:

	configure

You can use --with-ssl to enable the SSL features and --with-socks to
include socks support.

To build telnet and telnetd type:

	make

Test telnet like this:
	telnet -z ssl www.netscape.com https
(if https is unknown then use 443 :-)
then type
	GET /
and you should get back the HTML for the Netscape home page.

To install, put the path of telnetd in /etc/inetd.conf and send a
kill -HUP to inetd. (On SCO this is not working :( ). Then you have to
install at least the self-signed certificates.

I assume that the following exist:

/usr/local/ssl/bin         (all the SSL utilities)
/usr/local/ssl/lib         (libcrypto.a, libdes.a and libssl.a)
/usr/local/ssl/include     (required SSL and DES header files)

/usr/local/ssl/certs       PUBLIC keys
/usr/local/ssl/private     PRIVATE keys

For telnetd I have worked using a self-signed certificate (this is the
simplest way of driving SSL as a "simple" stream encryption
library). To generate the required files do the following:

Note: - you need to be running sh or ksh for the make_cert step as it
      requires you to redirect stderr separately from stdout, which csh
      doesn't do.
      - make_cert will ask you some questions ... answer them however
      you like at this step


PATH=$PATH:/usr/local/ssl/bin

genrsa     > telnetd.key
make_cert 2> telnetd.text
x509 -inform TEXT -in telnetd.text -signkey telnetd.key \
     -CAform TEXT -CA telnetd.text -CAkey telnetd.key -CAcreateserial \
     > telnetd.cert
cp telnetd.cert /usr/local/ssl/certs
chmod 644 /usr/local/ssl/certs/telnetd.cert
cp telnetd.key /usr/local/ssl/private
chmod 600 /usr/local/ssl/private/telnetd.key


You should also find out the hash of each of these keys and make a
symlink in the certs directory to each of these files so that verify
can find them:

cd /usr/local/ssl/certs
ln -s telnetd.cert `x509 -noout -hash < telnetd.cert`.0

Then *test* that verify likes the setup

verify /usr/local/ssl/certs/telnetd.cert
verify /usr/local/ssl/certs/httpd.cert
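
A follow-up check for the layout built above. This is an added example,
not part of the original package; the function name audit_ssl_dirs is an
assumption. It checks the modes given above (600 for keys, 644 for
certificates) and that every *.cert has a resolving hash link; it does
not recompute the hash itself.

```sh
#!/bin/sh
# Added example, not part of the original package.
# audit_ssl_dirs CERTS_DIR PRIVATE_DIR   (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssl_dirs() {
    certs=$1
    private=$2
    findings=0

    # Private keys: the README sets mode 600, so no group/other bits at all.
    for key in "$private"/*.key; do
        [ -f "$key" ] || continue
        if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "key accessible beyond owner: $key"
            findings=$((findings + 1))
        fi
    done

    for cert in "$certs"/*.cert; do
        [ -f "$cert" ] || continue
        # Certificates: the README sets mode 644, so no group/other write bit.
        if [ "$(ls -ldL "$cert" | cut -c6,9)" != "--" ]; then
            echo "certificate writable beyond owner: $cert"
            findings=$((findings + 1))
        fi
        # At least one <hash>.<n> link must resolve to this certificate,
        # otherwise a lookup by hash cannot find it.
        linked=no
        for link in "$certs"/*.[0-9]; do
            [ -L "$link" ] || continue
            if cmp -s "$link" "$cert" 2>/dev/null; then linked=yes; break; fi
        done
        if [ "$linked" = no ]; then
            echo "no hash link for: $cert"
            findings=$((findings + 1))
        fi
    done

    # Dangling hash links point at certificates that were moved or removed.
    for link in "$certs"/*.[0-9]; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "dangling hash link: $link"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Run it as: audit_ssl_dirs /usr/local/ssl/certs /usr/local/ssl/private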


SSL bugs should be directed to ssl-bugs@mincom.oz.au
SSL comments/discussion should be directed to ssl-users@mincom.oz.au

If you email ssl-users-request@mincom.oz.au you will be emailed
instructions on how to interact with the majordomo variant that
is managing this list.

