source: archive/openssl.xml

trunk
Last change on this file was 3f2db3a6, checked in by Pierre Labastie <pierre.labastie@…>, 17 months ago

Remove sect1info tags

They only contain a date tag that is nowhere used.
  • Property mode set to 100644
File size: 8.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY openssl-download-http
8 "https://openssl.org/source/openssl-&openssl-version;.tar.gz">
9 <!ENTITY openssl-download-ftp
10 "ftp://openssl.org/source/openssl-&openssl-version;.tar.gz">
11 <!ENTITY openssl-md5sum "ba5f1b8b835b88cadbce9b35ed9531a6">
12 <!ENTITY openssl-size "5.2 MB">
13 <!ENTITY openssl-buildsize "73 MB (with tests)">
14 <!ENTITY openssl-time "1.5 SBU (with tests)">
15]>
16
17<sect1 id="openssl" xreflabel="OpenSSL-&openssl-version;">
18 <?dbhtml filename="openssl.html"?>
19
20
21 <title>OpenSSL-&openssl-version;</title>
22
23 <indexterm zone="openssl">
24 <primary sortas="a-OpenSSL">OpenSSL</primary>
25 </indexterm>
26
27 <sect2 role="package">
28 <title>Introduction to OpenSSL</title>
29
30 <para>
31 The <application>OpenSSL</application> package contains management tools
32 and libraries relating to cryptography. These are useful for providing
33 cryptographic functions to other packages, such as
34 <application>OpenSSH</application>, email applications and web browsers
35 (for accessing HTTPS sites).
36 </para>
37
38 &lfs81_checked;
39
40 <bridgehead renderas="sect3">Package Information</bridgehead>
41 <itemizedlist spacing="compact">
42 <listitem>
43 <para>
44 Download (HTTP): <ulink url="&openssl-download-http;"/>
45 </para>
46 </listitem>
47 <listitem>
48 <para>
49 Download (FTP): <ulink url="&openssl-download-ftp;"/>
50 </para>
51 </listitem>
52 <listitem>
53 <para>
54 Download MD5 sum: &openssl-md5sum;
55 </para>
56 </listitem>
57 <listitem>
58 <para>
59 Download size: &openssl-size;
60 </para>
61 </listitem>
62 <listitem>
63 <para>
64 Estimated disk space required: &openssl-buildsize;
65 </para>
66 </listitem>
67 <listitem>
68 <para>
69 Estimated build time: &openssl-time;
70 </para>
71 </listitem>
72 </itemizedlist>
73
74 <para condition="html" role="usernotes">
75 User Notes: <ulink url='&blfs-wiki;/OpenSSL'/>
76 </para>
77 </sect2>
78
79 <sect2 role="installation">
80 <title>Installation of OpenSSL</title>
81
82 <para>
83 Install <application>OpenSSL</application> with the following commands:
84 </para>
85
86
87<screen><userinput>./config --prefix=/usr \
88 --openssldir=/etc/ssl \
89 --libdir=lib \
90 shared \
91 zlib-dynamic &amp;&amp;
92make</userinput></screen>
93
94 <para>
95 To test the results, issue: <command>make test</command>.
96 </para>
97
98 <para>
99 If you want to disable installing the static libraries, use this sed:
100 </para>
101
102<screen><userinput>sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile</userinput></screen>
103
104 <para>
105 Now, as the <systemitem class="username">root</systemitem> user:
106 </para>
107
108<!-- dev note: make INSTALL_PREFIX=<DESTDIR> MANDIR=/usr/share/man MANSUFFIX=ssl install -->
109
110<screen role="root"><userinput>make MANSUFFIX=ssl install &amp;&amp;
111mv -v /usr/share/doc/openssl{,-&openssl-version;} &amp;&amp;
112cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
113
114 </sect2>
115
116 <sect2 role="commands">
117 <title>Command Explanations</title>
118
119 <para>
120 <parameter>shared</parameter>: This parameter forces the creation of
121 shared libraries along with the static libraries.
122 </para>
123
124 <para>
125 <parameter>zlib-dynamic</parameter>: This parameter adds
126 compression/decompression functionality using the
127 <filename class="libraryfile">libz</filename> library.
128 </para>
129
130 <para>
131 <option>no-rc5 no-idea</option>: When added to the
132 <command>./config</command> command, this will eliminate the building
133 of those encryption methods. Patent licenses may be needed for you to
134 utilize either of those methods in your projects.
135 </para>
136
137 <para>
138 <command>make MANSUFFIX=ssl install</command>:
139 This command appends an "ssl" suffix to the manual page names to avoid
140 conflicts with manual pages installed by other packages.
141 </para>
142
143 </sect2>
144
145 <sect2 role="configuration">
146 <title>Configuring OpenSSL</title>
147
148 <sect3 id="openssl-config">
149 <title>Config Files</title>
150
151 <para>
152 <filename>/etc/ssl/openssl.cnf</filename>
153 </para>
154
155 <indexterm zone="openssl openssl-config">
156 <primary sortas="e-etc-ssl-openssl.cnf">/etc/ssl/openssl.cnf</primary>
157 </indexterm>
158
159 </sect3>
160
161 <sect3>
162 <title>Configuration Information</title>
163
164 <para>
165 Most users will want to install Certificate Authority Certificates
166 for validation of downloaded certificates. For example, these
167 certificates can be used by <xref linkend='git'/>,
168 <xref linkend='curl'/> or <xref linkend='wget'/> when accessing secure
169 (https protocol) sites. To do this, follow the instructions from the
170 <xref linkend='cacerts'/> page.
171 </para>
172
173 <para>
174 Users who just want to use <application>OpenSSL</application> for
175 providing functions to other programs such as
176 <application>OpenSSH</application> and web browsers do not need to worry
177 about additional configuration. This is an advanced topic and those
178 who do need it would normally be expected to either know how to properly
179 update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
180 how to do it.
181 </para>
182
183 </sect3>
184
185 </sect2>
186
187 <sect2 role="content">
188 <title>Contents</title>
189
190 <segmentedlist>
191 <segtitle>Installed Programs</segtitle>
192 <segtitle>Installed Libraries</segtitle>
193 <segtitle>Installed Directories</segtitle>
194
195 <seglistitem>
196 <seg>
197 c_rehash and openssl
198 </seg>
199 <seg>
200 libcrypto.{so,a} and libssl.{so,a}
201 </seg>
202 <seg>
203 /etc/ssl,
204 /usr/include/openssl,
205 /usr/lib/engines and
206 /usr/share/doc/openssl-&openssl-version;
207 </seg>
208 </seglistitem>
209 </segmentedlist>
210
211 <variablelist>
212 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
213 <?dbfo list-presentation="list"?>
214 <?dbhtml list-presentation="table"?>
215
216 <varlistentry id="c_rehash">
217 <term><command>c_rehash</command></term>
218 <listitem>
219 <para>
220 is a <application>Perl</application> script that scans all files in
221 a directory and adds symbolic links to their hash values.
222 </para>
223 <indexterm zone="openssl c_rehash">
224 <primary sortas="b-c_rehash">c_rehash</primary>
225 </indexterm>
226 </listitem>
227 </varlistentry>
228
229 <varlistentry id="openssl-prog">
230 <term><command>openssl</command></term>
231 <listitem>
232 <para>
233 is a command-line tool for using the various cryptography functions
234 of <application>OpenSSL</application>'s crypto library from the
235 shell. It can be used for various functions which are documented in
236 <command>man 1 openssl</command>.
237 </para>
238 <indexterm zone="openssl openssl-prog">
239 <primary sortas="b-openssl">openssl</primary>
240 </indexterm>
241 </listitem>
242 </varlistentry>
243
244 <varlistentry id="libcrypto">
245 <term><filename class="libraryfile">libcrypto.{so,a}</filename></term>
246 <listitem>
247 <para>
248 implements a wide range of cryptographic algorithms used in various
249 Internet standards. The services provided by this library are used
250 by the <application>OpenSSL</application> implementations of SSL,
251 TLS and S/MIME, and they have also been used to implement
252 <application>OpenSSH</application>,
253 <application>OpenPGP</application>, and other cryptographic
254 standards.
255 </para>
256 <indexterm zone="openssl libcrypto">
257 <primary sortas="c-libcrypto">libcrypto.{so,a}</primary>
258 </indexterm>
259 </listitem>
260 </varlistentry>
261
262 <varlistentry id="libssl">
263 <term><filename class="libraryfile">libssl.{so,a}</filename></term>
264 <listitem>
265 <para>
266 implements the Transport Layer Security (TLS v1) protocol.
267 It provides a rich API, documentation
268 on which can be found by running <command>man 3 ssl</command>.
269 </para>
270 <indexterm zone="openssl libssl">
271 <primary sortas="c-libssl">libssl.{so,a}</primary>
272 </indexterm>
273 </listitem>
274 </varlistentry>
275
276 </variablelist>
277
278 </sect2>
279
280</sect1>
Note: See TracBrowser for help on using the repository browser.