source: postlfs/security/openssl.xml@ af8b2d9

systemd-13485
Last change on this file since af8b2d9 was 98c91f4c, checked in by Douglas R. Reno <renodr@…>, 8 years ago

Update to libndp-1.6 (systemd)
Update to highlight-3.28 (systemd)
Update to rest-0.8.0 (systemd)
Fixed my old GCC6 tags to match trunk's style for easier merging
GCC6 Tags
LFS79 Tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@17380 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.0 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openssl-download-http
           "https://openssl.org/source/openssl-&openssl-version;.tar.gz">
  <!ENTITY openssl-download-ftp
           "ftp://openssl.org/source/openssl-&openssl-version;.tar.gz">
  <!ENTITY openssl-md5sum "9392e65072ce4b614c1392eefc1f23d0">
  <!ENTITY openssl-size "5.0 MB">
  <!ENTITY openssl-buildsize "51 MB (with tests)">
  <!ENTITY openssl-time "1.6 SBU (with tests)">
]>

<sect1 id="openssl" xreflabel="OpenSSL-&openssl-version;">
  <?dbhtml filename="openssl.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenSSL-&openssl-version;</title>

  <indexterm zone="openssl">
    <primary sortas="a-OpenSSL">OpenSSL</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenSSL</title>

    <para>
      The <application>OpenSSL</application> package contains management tools
      and libraries relating to cryptography. These are useful for providing
      cryptography functions to other packages, such as
      <application>OpenSSH</application>, email applications, and web browsers
      (for accessing HTTPS sites).
    </para>

    &lfs79_checked;&gcc6_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&openssl-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&openssl-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &openssl-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &openssl-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &openssl-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &openssl-time;
        </para>
      </listitem>
    </itemizedlist>

<!--
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/openssl-&openssl-version;-fix_parallel_build-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>
-->

    <bridgehead renderas="sect3">OpenSSL Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="mitkrb"/>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url='&blfs-wiki;/OpenSSL'/>
    </para>
  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenSSL</title>

    <para>
      Install <application>OpenSSL</application> with the following commands:
    </para>

<!-- libdir=lib so it doesn't write over /usr/lib64 symlink on 64 bit system.
     Might break packaging. -->

<!-- Parallel build for version 1.0.2d at -j8 works for me without the patch.
     But it only reduces build time from 1.0 to 0.7 SBU - Bruce

<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_parallel_build-1.patch &amp;&amp;-->

<screen><userinput>./config --prefix=/usr \
         --openssldir=/etc/ssl \
         --libdir=lib \
         shared \
         zlib-dynamic &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>

    <para>
      To test the results, issue: <command>make -j1 test</command>. The
      test suite does not support parallel jobs.
    </para>

    <para>
      If you want to disable installing the static libraries, use this sed:
    </para>

<screen><userinput>sed -i 's# libcrypto.a##;s# libssl.a##' Makefile</userinput></screen>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<!-- dev note: make INSTALL_PREFIX=<DESTDIR> MANDIR=/usr/share/man MANSUFFIX=ssl install -->

<screen role="root"><userinput>make MANDIR=/usr/share/man MANSUFFIX=ssl install &amp;&amp;
install -dv -m755 /usr/share/doc/openssl-&openssl-version; &amp;&amp;
cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>shared</parameter>: This parameter forces the creation of
      shared libraries along with the static libraries.
    </para>

    <para>
      <parameter>zlib-dynamic</parameter>: This parameter adds
      compression/decompression functionality using the
      <filename class="libraryfile">libz</filename> library.
    </para>

    <para>
      <option>no-rc5 no-idea</option>: When added to the
      <command>./config</command> command, this will eliminate the building
      of those encryption methods. Patent licenses may be needed for you to
      utilize either of those methods in your projects.
    </para>

    <para>
      <command>make MANDIR=/usr/share/man MANSUFFIX=ssl install</command>:
      This command installs <application>OpenSSL</application> with the man
      pages in <filename class="directory">/usr/share/man</filename>
      instead of <filename class="directory">/etc/ssl/man</filename> and
      appends the "ssl" suffix to the manual page names to avoid conflicts with
      manual pages installed by other packages.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenSSL</title>

    <sect3 id="openssl-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/ssl/openssl.cnf</filename>
      </para>

      <indexterm zone="openssl openssl-config">
        <primary sortas="e-etc-ssl-openssl.cnf">/etc/ssl/openssl.cnf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        Most users will want to install Certificate Authority Certificates
        for validation of downloaded certificates. For example, these
        certificates can be used by <xref linkend='git'/>,
        <xref linkend='curl'/>, or <xref linkend='wget'/> when accessing secure
        (https protocol) sites. To do this, follow the instructions from the
        <xref linkend='cacerts'/> page.
      </para>

      <para>
        Users who just want to use <application>OpenSSL</application> for
        providing functions to other programs such as
        <application>OpenSSH</application> and web browsers do not need to worry
        about additional configuration. This is an advanced topic and those
        who do need it would normally be expected to either know how to properly
        update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
        how to do it.
      </para>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          c_rehash
          and openssl
        </seg>
        <seg>
          libcrypto.{so,a}
          and libssl.{so,a}
        </seg>
        <seg>
          /etc/ssl,
          /usr/include/openssl,
          /usr/lib/engines and
          /usr/share/doc/openssl-&openssl-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="c_rehash">
        <term><command>c_rehash</command></term>
        <listitem>
          <para>
            is a <application>Perl</application> script that scans all files in
            a directory and adds symbolic links to their hash values.
          </para>
          <indexterm zone="openssl c_rehash">
            <primary sortas="b-c_rehash">c_rehash</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="openssl-prog">
        <term><command>openssl</command></term>
        <listitem>
          <para>
            is a command-line tool for using the various cryptography functions
            of <application>OpenSSL</application>'s crypto library from the
            shell. It can be used for various functions which are documented in
            <command>man 1 openssl</command>.
          </para>
          <indexterm zone="openssl openssl-prog">
            <primary sortas="b-openssl">openssl</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libcrypto">
        <term><filename class="libraryfile">libcrypto.{so,a}</filename></term>
        <listitem>
          <para>
            implements a wide range of cryptographic algorithms used in various
            Internet standards. The services provided by this library are used
            by the <application>OpenSSL</application> implementations of SSL,
            TLS and S/MIME, and they have also been used to implement
            <application>OpenSSH</application>,
            <application>OpenPGP</application>, and other cryptographic
            standards.
          </para>
          <indexterm zone="openssl libcrypto">
            <primary sortas="c-libcrypto">libcrypto.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libssl">
        <term><filename class="libraryfile">libssl.{so,a}</filename></term>
        <listitem>
          <para>
            implements the Transport Layer Security (TLS v1) protocol.
            It provides a rich API, documentation
            on which can be found by running <command>man 3 ssl</command>.
          </para>
          <indexterm zone="openssl libssl">
            <primary sortas="c-libssl">libssl.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>