source: postlfs/security/openssl.xml@ 1fb2507

systemd-13485
Last change on this file since 1fb2507 was 6d27308, checked in by Douglas R. Reno <renodr@…>, 8 years ago

GCC6 Tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@17356 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 10.0 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY openssl-download-http
8 "https://openssl.org/source/openssl-&openssl-version;.tar.gz">
9 <!ENTITY openssl-download-ftp
10 "ftp://openssl.org/source/openssl-&openssl-version;.tar.gz">
11 <!ENTITY openssl-md5sum "9392e65072ce4b614c1392eefc1f23d0">
12 <!ENTITY openssl-size "5.0 MB">
13 <!ENTITY openssl-buildsize "51 MB (with tests)">
14 <!ENTITY openssl-time "1.6 SBU (with tests)">
15]>
16
17<sect1 id="openssl" xreflabel="OpenSSL-&openssl-version;">
18 <?dbhtml filename="openssl.html"?>
19
20 <sect1info>
21 <othername>$LastChangedBy$</othername>
22 <date>$Date$</date>
23 </sect1info>
24
25 <title>OpenSSL-&openssl-version;</title>
26
27 <indexterm zone="openssl">
28 <primary sortas="a-OpenSSL">OpenSSL</primary>
29 </indexterm>
30
31 <sect2 role="package">
32 <title>Introduction to OpenSSL</title>
33
34 <para>
35 The <application>OpenSSL</application> package contains management tools
36 and libraries relating to cryptography. These are useful for providing
37 cryptography functions to other packages, such as
38 <application>OpenSSH</application>, email applications, and web browsers
39 (for accessing HTTPS sites).
40 </para>
41
42 &lfs79_checked;
43
44 &gcc6_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&openssl-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&openssl-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download MD5 sum: &openssl-md5sum;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &openssl-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &openssl-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &openssl-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80<!--
81 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
82 <itemizedlist spacing="compact">
83 <listitem>
84 <para>
85 Required patch:
86 <ulink url="&patch-root;/openssl-&openssl-version;-fix_parallel_build-1.patch"/>
87 </para>
88 </listitem>
89 </itemizedlist>
90-->
91
92 <bridgehead renderas="sect3">OpenSSL Dependencies</bridgehead>
93
94 <bridgehead renderas="sect4">Optional</bridgehead>
95 <para role="optional">
96 <xref linkend="mitkrb"/>
97 </para>
98
99 <para condition="html" role="usernotes">
100 User Notes: <ulink url='&blfs-wiki;/OpenSSL'/>
101 </para>
102 </sect2>
103
104 <sect2 role="installation">
105 <title>Installation of OpenSSL</title>
106
107 <para>
108 Install <application>OpenSSL</application> with the following commands:
109 </para>
110
111<!-- libdir=lib so it doesn't write over /usr/lib64 symlink on 64 bit system.
112 Might break packaging. -->
113
114<!-- Parallel build for version 1.0.2d at -j8 works for me without the patch.
115 But it only reduces build time from 1.0 to 0.7 SBU - Bruce
116
117<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_parallel_build-1.patch &amp;&amp;-->
118
119<screen><userinput>./config --prefix=/usr \
120 --openssldir=/etc/ssl \
121 --libdir=lib \
122 shared \
123 zlib-dynamic &amp;&amp;
124make depend &amp;&amp;
125make</userinput></screen>
126
127 <para>
128 To test the results, issue: <command>make -j1 test</command>. The
129 test suite does not support parallel jobs.
130 </para>
131
132 <para>
133 If you want to disable installing the static libraries, use this sed:
134 </para>
135
136<screen><userinput>sed -i 's# libcrypto.a##;s# libssl.a##' Makefile</userinput></screen>
137
138 <para>
139 Now, as the <systemitem class="username">root</systemitem> user:
140 </para>
141
142<!-- dev note: make INSTALL_PREFIX=<DESTDIR> MANDIR=/usr/share/man MANSUFFIX=ssl install -->
143
144<screen role="root"><userinput>make MANDIR=/usr/share/man MANSUFFIX=ssl install &amp;&amp;
145install -dv -m755 /usr/share/doc/openssl-&openssl-version; &amp;&amp;
146cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
147
148 </sect2>
149
150 <sect2 role="commands">
151 <title>Command Explanations</title>
152
153 <para>
154 <parameter>shared</parameter>: This parameter forces the creation of
155 shared libraries along with the static libraries.
156 </para>
157
158 <para>
159 <parameter>zlib-dynamic</parameter>: This parameter adds
160 compression/decompression functionality using the
161 <filename class="libraryfile">libz</filename> library.
162 </para>
163
164 <para>
165 <option>no-rc5 no-idea</option>: When added to the
166 <command>./config</command> command, this will eliminate the building
167 of those encryption methods. Patent licenses may be needed for you to
168 utilize either of those methods in your projects.
169 </para>
170
171 <para>
172 <command>make MANDIR=/usr/share/man MANSUFFIX=ssl install</command>:
173 This command installs <application>OpenSSL</application> with the man
174 pages in <filename class="directory">/usr/share/man</filename>
175 instead of <filename class="directory">/etc/ssl/man</filename> and
176 appends "ssl" suffix to the manual page names to avoid conflicts with
177 manual pages installed by other packages.
178 </para>
179
180 </sect2>
181
182 <sect2 role="configuration">
183 <title>Configuring OpenSSL</title>
184
185 <sect3 id="openssl-config">
186 <title>Config Files</title>
187
188 <para>
189 <filename>/etc/ssl/openssl.cnf</filename>
190 </para>
191
192 <indexterm zone="openssl openssl-config">
193 <primary sortas="e-etc-ssl-openssl.cnf">/etc/ssl/openssl.cnf</primary>
194 </indexterm>
195
196 </sect3>
197
198 <sect3>
199 <title>Configuration Information</title>
200
201 <para>
202 Most users will want to install Certificate Authority Certificates
203 for validation of downloaded certificates. For example, these
204 certificates can be used by <xref linkend='git'/>,
205 <xref linkend='curl'/>, or <xref linkend='wget'/> when accessing secure
206 (https protocol) sites. To do this, follow the instructions from the
207 <xref linkend='cacerts'/> page.
208 </para>
209
210 <para>
211 Users who just want to use <application>OpenSSL</application> for
212 providing functions to other programs such as
213 <application>OpenSSH</application> and web browsers do not need to worry
214 about additional configuration. This is an advanced topic and those
215 who do need it would normally be expected to either know how to properly
216 update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
217 how to do it.
218 </para>
219
220 </sect3>
221
222 </sect2>
223
224 <sect2 role="content">
225 <title>Contents</title>
226
227 <segmentedlist>
228 <segtitle>Installed Programs</segtitle>
229 <segtitle>Installed Libraries</segtitle>
230 <segtitle>Installed Directories</segtitle>
231
232 <seglistitem>
233 <seg>
234 c_rehash
235 and openssl
236 </seg>
237 <seg>
238 libcrypto.{so,a}
239 and libssl.{so,a}
240 </seg>
241 <seg>
242 /etc/ssl,
243 /usr/include/openssl,
244 /usr/lib/engines and
245 /usr/share/doc/openssl-&openssl-version;
246 </seg>
247 </seglistitem>
248 </segmentedlist>
249
250 <variablelist>
251 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
252 <?dbfo list-presentation="list"?>
253 <?dbhtml list-presentation="table"?>
254
255 <varlistentry id="c_rehash">
256 <term><command>c_rehash</command></term>
257 <listitem>
258 <para>
259 is a <application>Perl</application> script that scans all files in
260 a directory and adds symbolic links to their hash values.
261 </para>
262 <indexterm zone="openssl c_rehash">
263 <primary sortas="b-c_rehash">c_rehash</primary>
264 </indexterm>
265 </listitem>
266 </varlistentry>
267
268 <varlistentry id="openssl-prog">
269 <term><command>openssl</command></term>
270 <listitem>
271 <para>
272 is a command-line tool for using the various cryptography functions
273 of <application>OpenSSL</application>'s crypto library from the
274 shell. It can be used for various functions which are documented in
275 <command>man 1 openssl</command>.
276 </para>
277 <indexterm zone="openssl openssl-prog">
278 <primary sortas="b-openssl">openssl</primary>
279 </indexterm>
280 </listitem>
281 </varlistentry>
282
283 <varlistentry id="libcrypto">
284 <term><filename class="libraryfile">libcrypto.{so,a}</filename></term>
285 <listitem>
286 <para>
287 implements a wide range of cryptographic algorithms used in various
288 Internet standards. The services provided by this library are used
289 by the <application>OpenSSL</application> implementations of SSL,
290 TLS and S/MIME, and they have also been used to implement
291 <application>OpenSSH</application>,
292 <application>OpenPGP</application>, and other cryptographic
293 standards.
294 </para>
295 <indexterm zone="openssl libcrypto">
296 <primary sortas="c-libcrypto">libcrypto.{so,a}</primary>
297 </indexterm>
298 </listitem>
299 </varlistentry>
300
301 <varlistentry id="libssl">
302 <term><filename class="libraryfile">libssl.{so,a}</filename></term>
303 <listitem>
304 <para>
305 implements the Transport Layer Security (TLS v1) protocol.
306 It provides a rich API, documentation
307 on which can be found by running <command>man 3 ssl</command>.
308 </para>
309 <indexterm zone="openssl libssl">
310 <primary sortas="c-libssl">libssl.{so,a}</primary>
311 </indexterm>
312 </listitem>
313 </varlistentry>
314
315 </variablelist>
316
317 </sect2>
318
319</sect1>
Note: See TracBrowser for help on using the repository browser.