source: postlfs/security/openssl.xml@ 0134954

Last change on this file since 0134954 was 0134954, checked in by Bruce Dubbs <bdubbs@…>, 5 years ago

Initial 7.10 tags; only 765 to go

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@17651 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY openssl-download-http
8 "https://openssl.org/source/openssl-&openssl-version;.tar.gz">
9 <!ENTITY openssl-download-ftp
10 "ftp://openssl.org/source/openssl-&openssl-version;.tar.gz">
11 <!ENTITY openssl-md5sum "9392e65072ce4b614c1392eefc1f23d0">
12 <!ENTITY openssl-size "5.0 MB">
13 <!ENTITY openssl-buildsize "51 MB (with tests)">
14 <!ENTITY openssl-time "1.6 SBU (with tests)">
15]>
16
17<sect1 id="openssl" xreflabel="OpenSSL-&openssl-version;">
18 <?dbhtml filename="openssl.html"?>
19
20 <sect1info>
21 <othername>$LastChangedBy$</othername>
22 <date>$Date$</date>
23 </sect1info>
24
25 <title>OpenSSL-&openssl-version;</title>
26
27 <indexterm zone="openssl">
28 <primary sortas="a-OpenSSL">OpenSSL</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to OpenSSL</title>
33
34 <para>
35 The <application>OpenSSL</application> package contains management tools
36 and libraries relating to cryptography. These are useful for providing
37 cryptography functions to other packages, such as
38 <application>OpenSSH</application>, email applications and web browsers
39 (for accessing HTTPS sites).
40 </para>
41
42 &lfs7a_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&openssl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&openssl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
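58 Download MD5 sum: &openssl-md5sum; (this only detects a corrupted download; MD5 is no longer collision resistant, so also check the upstream PGP signature to confirm authenticity)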
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &openssl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &openssl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &openssl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77<!--
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/openssl-&openssl-version;-fix_parallel_build-1.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87-->
88 <bridgehead renderas="sect3">OpenSSL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Optional</bridgehead>
91 <para role="optional">
92 <xref linkend="mitkrb"/>
93 </para>
94
95 <para condition="html" role="usernotes">
96 User Notes: <ulink url='&blfs-wiki;/OpenSSL'/>
97 </para>
98 </sect2>
99
100 <sect2 role="installation">
101 <title>Installation of OpenSSL</title>
102
103 <para>
104 Install <application>OpenSSL</application> with the following commands:
105 </para>
106
107<!-- libdir=lib so it doesn't write over /usr/lib64 symlink on 64 bit system.
108 Might break packaging. -->
109
110<!-- Parallel build for version 1.0.2d at -j8 works for me without the patch.
111 But it only reduces build time from 1.0 to 0.7 SBU - Bruce
112
113<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_parallel_build-1.patch &amp;&amp;-->
114<screen><userinput>./config --prefix=/usr \
115 --openssldir=/etc/ssl \
116 --libdir=lib \
117 shared \
118 zlib-dynamic &amp;&amp;
119make depend &amp;&amp;
120make</userinput></screen>
121
122 <para>
123 To test the results, issue: <command>make -j1 test</command>. The
124 test suite does not support parallel jobs.
125 </para>
126
127 <para>
128 If you want to disable installing the static libraries, use this sed:
129 </para>
130
131<screen><userinput>sed -i 's# libcrypto.a##;s# libssl.a##' Makefile</userinput></screen>
132
133 <para>
134 Now, as the <systemitem class="username">root</systemitem> user:
135 </para>
136
137<!-- dev note: make INSTALL_PREFIX=<DESTDIR> MANDIR=/usr/share/man MANSUFFIX=ssl install -->
138
139<screen role="root"><userinput>make MANDIR=/usr/share/man MANSUFFIX=ssl install &amp;&amp;
140install -dv -m755 /usr/share/doc/openssl-&openssl-version; &amp;&amp;
141cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
142
143 </sect2>
144
145 <sect2 role="commands">
146 <title>Command Explanations</title>
147
148 <para>
149 <parameter>shared</parameter>: This parameter forces the creation of
150 shared libraries along with the static libraries.
151 </para>
152
153 <para>
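154 <parameter>zlib-dynamic</parameter>: This parameter adds
155 compression/decompression functionality using the
156 <filename class="libraryfile">libz</filename> library. TLS-level compression leaks information about the plaintext through the size of the compressed records (the CRIME attack), so applications normally keep it disabled with SSL_OP_NO_COMPRESSION.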
157 </para>
158
159 <para>
160 <option>no-rc5 no-idea</option>: When added to the
161 <command>./config</command> command, this will eliminate the building
162 of those encryption methods. Patent licenses may be needed for you to
163 utilize either of those methods in your projects.
164 </para>
165
166 <para>
167 <command>make MANDIR=/usr/share/man MANSUFFIX=ssl install</command>:
168 This command installs <application>OpenSSL</application> with the man
169 pages in <filename class="directory">/usr/share/man</filename>
170 instead of <filename class="directory">/etc/ssl/man</filename> and
171 appends the "ssl" suffix to the manual page names to avoid conflicts with
172 manual pages installed by other packages.
173 </para>
174
175 </sect2>
176
177 <sect2 role="configuration">
178 <title>Configuring OpenSSL</title>
179
180 <sect3 id="openssl-config">
181 <title>Config Files</title>
182
183 <para>
184 <filename>/etc/ssl/openssl.cnf</filename>
185 </para>
186
187 <indexterm zone="openssl openssl-config">
188 <primary sortas="e-etc-ssl-openssl.cnf">/etc/ssl/openssl.cnf</primary>
189 </indexterm>
190
191 </sect3>
192
193 <sect3>
194 <title>Configuration Information</title>
195
196 <para>
197 Most users will want to install Certificate Authority Certificates
198 to validate the certificates that remote servers present. For example, these
199 certificates can be used by <xref linkend='git'/>,
200 <xref linkend='curl'/> or <xref linkend='wget'/> when accessing secure
201 (https protocol) sites. To do this, follow the instructions from the
202 <xref linkend='cacerts'/> page.
203 </para>
204
205 <para>
206 Users who just want to use <application>OpenSSL</application> for
207 providing functions to other programs such as
208 <application>OpenSSH</application> and web browsers do not need to worry
209 about additional configuration. This is an advanced topic and those
210 who do need it would normally be expected to either know how to properly
211 update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
212 how to do it.
213 </para>
214
215 </sect3>
216
217 </sect2>
218
219 <sect2 role="content">
220 <title>Contents</title>
221
222 <segmentedlist>
223 <segtitle>Installed Programs</segtitle>
224 <segtitle>Installed Libraries</segtitle>
225 <segtitle>Installed Directories</segtitle>
226
227 <seglistitem>
228 <seg>
229 c_rehash and openssl
230 </seg>
231 <seg>
232 libcrypto.{so,a} and libssl.{so,a}
233 </seg>
234 <seg>
235 /etc/ssl,
236 /usr/include/openssl,
237 /usr/lib/engines and
238 /usr/share/doc/openssl-&openssl-version;
239 </seg>
240 </seglistitem>
241 </segmentedlist>
242
243 <variablelist>
244 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
245 <?dbfo list-presentation="list"?>
246 <?dbhtml list-presentation="table"?>
247
248 <varlistentry id="c_rehash">
249 <term><command>c_rehash</command></term>
250 <listitem>
251 <para>
252 is a <application>Perl</application> script that scans all files in
253 a directory and adds symbolic links to them named after their hash values.
254 </para>
255 <indexterm zone="openssl c_rehash">
256 <primary sortas="b-c_rehash">c_rehash</primary>
257 </indexterm>
258 </listitem>
259 </varlistentry>
260
261 <varlistentry id="openssl-prog">
262 <term><command>openssl</command></term>
263 <listitem>
264 <para>
265 is a command-line tool for using the various cryptography functions
266 of <application>OpenSSL</application>'s crypto library from the
267 shell. It can be used for various functions which are documented in
268 <command>man 1 openssl</command>.
269 </para>
270 <indexterm zone="openssl openssl-prog">
271 <primary sortas="b-openssl">openssl</primary>
272 </indexterm>
273 </listitem>
274 </varlistentry>
275
276 <varlistentry id="libcrypto">
277 <term><filename class="libraryfile">libcrypto.{so,a}</filename></term>
278 <listitem>
279 <para>
280 implements a wide range of cryptographic algorithms used in various
281 Internet standards. The services provided by this library are used
282 by the <application>OpenSSL</application> implementations of SSL,
283 TLS and S/MIME, and they have also been used to implement
284 <application>OpenSSH</application>,
285 <application>OpenPGP</application>, and other cryptographic
286 standards.
287 </para>
288 <indexterm zone="openssl libcrypto">
289 <primary sortas="c-libcrypto">libcrypto.{so,a}</primary>
290 </indexterm>
291 </listitem>
292 </varlistentry>
293
294 <varlistentry id="libssl">
295 <term><filename class="libraryfile">libssl.{so,a}</filename></term>
296 <listitem>
297 <para>
298 implements the Transport Layer Security (TLS v1) protocol.
299 It provides a rich API, which is documented in the manual page
300 shown by running <command>man 3 ssl</command>.
301 </para>
302 <indexterm zone="openssl libssl">
303 <primary sortas="c-libssl">libssl.{so,a}</primary>
304 </indexterm>
305 </listitem>
306 </varlistentry>
307
308 </variablelist>
309
310 </sect2>
311
312</sect1>