[[TracNav(doc/RPKI/TOC)]]
[[PageOutline]]

= Running rpkid or pubd on a different server =

The default configuration runs rpkid, pubd (if enabled) and the back end code all on the same server. For many purposes, this is fine, but in some cases you might want to split these functions up among different servers.

As noted briefly above, there are two separate sets of rpki.conf options which control the necessary behavior: the `run_*` options and the `start_*` options. The latter are usually tied to the former, but you can set them separately, and they control slightly different things: the `run_*` options control whether the back end code attempts to manage the servers in question, while the `start_*` flags control whether the startup scripts should start the servers in question.

Here's a guide to setting up the servers on different machines. For purposes of this description we'll assume that you're running both rpkid and pubd, and that you want rpkid and pubd each on their own server, separate from the back end code. We'll call these servers rpkid.example.org, pubd.example.org, and backend.example.org.

Most of the configuration is the same as in the normal case, but there are a few extra steps. The following supplements but does not replace the normal instructions.

**WARNING**: These setup directions have not (yet) been tested extensively.

 * Create rpki.conf as usual on backend.example.org, but pay particular attention to the settings of `rpkid_server_host`, `irbe_server_host`, and `pubd_server_host`: these should name rpkid.example.org, backend.example.org, and pubd.example.org, respectively.
 * This example assumes that you're running pubd, so make sure that both `run_rpkid` and `run_pubd` are enabled in rpki.conf.
 * Copy the rpki.conf to the other machines, and customize each copy to that machine's role:
   * `start_rpkid` should be enabled on rpkid.example.org and disabled on the others.
   * `start_pubd` should be enabled on pubd.example.org and disabled on the others.
   * `start_irdbd` should be enabled on backend.example.org and disabled on the others.
 * Make sure that you set up SQL databases on all three servers; the `rpki-sql-setup` script should do the right thing in each case based on the setting of the `start_*` options.
 * Run "rpkic initialize" on the back end host. This will create the BPKI and write out all of the necessary keys and certificates.
 * "rpkic initialize" should have created the BPKI files (.cer, .key, and .crl files for the several servers). Copy the .cer and .crl files to the pubd and rpkid hosts, along with the appropriate private key: rpkid.example.org should get a copy of the rpkid.key file but not the pubd.key file, while pubd.example.org should get a copy of the pubd.key file but not the rpkid.key file.
 * Run `rpki-start-servers` on each of the three hosts when it's time to start the servers.
 * Do the usual setup dance, but keep in mind that the back end controlling all of these servers lives on backend.example.org, so that's where you issue the rpkic or GUI commands to manage them. rpkic and the GUI both know how to talk to rpkid and pubd over the network, so managing them remotely is fine.
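
A post-copy audit of the key distribution step above, as an added example that is not part of the rpki.net tools: it checks that a host holds its own private key and not the other daemon's. The function name and the directory argument are assumptions (pass the directory where you copied the BPKI files), and the owner-only permission check is an extra hardening check that the instructions above do not require.

```shell
#!/bin/sh
# Added example: audit which BPKI private keys landed on a split-out host.
# Usage: check_bpki_keys ROLE DIR
#   ROLE is rpkid or pubd; DIR is wherever you copied the BPKI files
#   (the location is an assumption, so it is passed in as an argument).

check_bpki_keys() {
    role=$1 dir=$2 problems=0

    case $role in
        rpkid) want=rpkid.key; forbid=pubd.key ;;
        pubd)  want=pubd.key;  forbid=rpkid.key ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac

    # The host's own private key must be present ...
    if [ ! -f "$dir/$want" ]; then
        echo "MISSING: $dir/$want"
        problems=$((problems + 1))
    else
        # ... and accessible by its owner only (added hardening check).
        perms=$(ls -ld "$dir/$want" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE PERMISSIONS: $dir/$want"
            problems=$((problems + 1))
        fi
    fi

    # The other daemon's private key must not have been copied here.
    if [ -e "$dir/$forbid" ]; then
        echo "UNEXPECTED KEY: $dir/$forbid"
        problems=$((problems + 1))
    fi

    # The .cer and .crl files are copied to both hosts.
    for ext in cer crl; do
        set -- "$dir"/*."$ext"
        if [ ! -e "$1" ]; then
            echo "MISSING: no .$ext files in $dir"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}

# Run the check when invoked as: script ROLE DIR
if [ $# -eq 2 ]; then check_bpki_keys "$1" "$2"; fi
```

The function returns non-zero when any check fails, so it can gate `rpki-start-servers` in a deployment script.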
                                                                           
/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
 * project 2003.
 */
/* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <ctype.h>
#include <e_os.h>
#include "o_str.h"

int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
	{
#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
	while (*str1 && *str2 && n)
		{
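		/* Cast to unsigned char: passing a negative char to toupper() is undefined. */
		int res = toupper((unsigned char)*str1) - toupper((unsigned char)*str2);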
		if (res) return res < 0 ? -1 : 1;
		str1++;
		str2++;
		n--;
		}
	if (n == 0)
		return 0;
	if (*str1)
		return 1;
	if (*str2)
		return -1;
	return 0;
#else
	/* Recursion hazard warning! Whenever strncasecmp is #defined as
	 * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
	 * defined as well. */
	return strncasecmp(str1, str2, n);
#endif
	}
int OPENSSL_strcasecmp(const char *str1, const char *str2)
	{
#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
	return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
#else
	return strcasecmp(str1, str2);
#endif
	}

int OPENSSL_memcmp(const void *v1,const void *v2,size_t n)
	{
	const unsigned char *c1=v1,*c2=v2;
	int ret=0;

	while(n && (ret=*c1-*c2)==0) n--,c1++,c2++;

	return ret;
	}