This is the SSL-MZ telnet(d) package with encryption support.

It comes from the 4.4BSD-Lite version of telnet and telnetd and is
patched with the SSL-enhancement of Tim Hudson <tjh@mincom.oz.au>,
which he did to the SRA-telnet sources.

These patches were done by:

Christoph Martin
Christoph.Martin@Uni-Mainz.DE

Tim Hudson <tjh@mincom.oz.au> then updated this package to the 
SSLeay-0.5.1 release which introduced API changes and has merged 
the SSLtelnet changes into this package. 
The two versions will be fully merged shortly and then be
jointly maintained.

You can do whatever you like with these patches except pretend that
you wrote them.

The original location of this package is
ftp://ftp.uni-mainz.de/pub/internet/security/ssl/SSL-MZapps

This package uses the SSL-implementation which can be found in
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.5.1.tar.gz

The SSLeay FAQ can be found at 
http://www.psy.uq.oz.au/~ftp/Crypto

SSL-MZtelnet has been tested it for Aix, HPUX, Linux, SCO, Ultrix, 
DEC Unix, Irix and Solaris with gcc. 
The package now uses GNU configure to find out about the system properties.

At first you should have installed SSLeay (and SOCKS if you are using
it as part of your firewall setup).

For configuring telnet and telnetd type:

	configure

You can use --with-ssl to enable the ssl featues and --with-socks to
include SOCKS support.

--enable-warnings adds -Wall to CFLAGS if using GCC.

To build telnet and telnetd type:

	make

Test telnet like this:
	telnet -z ssl www.netscape.com https
(if https is unknown then use 443 :-)
then type
	GET /
and you should get back the HTML for the Netscape home page

For installing put the path of telnetd in /etc/inetd.conf and send a
kill -HUP to inetd. (On SCO this is not working :( ). Then you have to
install at least the self-signed certificates

I assume that the following exist:

/usr/local/ssl/bin         (all the SSL utilites)
/usr/local/ssl/lib         (libcrypto.a, libssl.a)
/usr/local/ssl/include     (required SSL and DES header files)

/usr/local/ssl/certs       PUBLIC keys
/usr/local/ssl/private     PRIVATE keys

For telnetd you can operate using a self-signed certificate (this is the
simpliest way of driving SSL as a "simple" stream encryption
library). To generate the required files do the following:

PATH=$PATH:/usr/local/ssl/bin

# SSLeay 0.5.0b+ (21-Dec-95) supports a quick mechanism for generating
#                            "dummy" certificates
cd /usr/local/ssl/certs
req -new -x509 -nodes -out telnetd.pem -keyout telnetd.pem
ln -s telnetd.pem `x509 -noout -hash < telnetd.pem`.0

Then *test* that verify likes the setup

verify /usr/local/ssl/certs/telnetd.pem

SSL bugs should be directed to ssl-bugs@mincom.oz.au
SSL comments/discussion should be directed to ssl-users@mincom.oz.au

If you email ssl-users-request@mincom.oz.au you will be emailed 
instructions on how to interact with the majordomo varient that 
is managing this list.


Have a look at the README.apps files for the documentation that 
Tim Hudson <tjh@mincom.oz.au> put together for the original SSLtelnet
on which these patches are based.

