Changeset bbdb0d16

Timestamp:

03/02/2012 02:29:21 PM (12 years ago)

Author:

Andrew Benton <andy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

f3a295dc

Parents:

27b160c

Message:

openssl-1.0.0g

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9565 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/openssl.xml (modified) (15 diffs)

postlfs/security/openssl.xml

@@ -5 +5 @@
   %general-entities;
 
-  <!ENTITY openssl-download-http "http://www.openssl.org/source/openssl-&openssl-version;.tar.gz">
-  <!ENTITY openssl-download-ftp  "ftp://ftp.openssl.org/source/openssl-&openssl-version;.tar.gz">
-  <!ENTITY openssl-md5sum        "7040b89c4c58c7a1016c0dfa6e821c86">
+  <!ENTITY openssl-download-http
+  "http://www.openssl.org/source/openssl-&openssl-version;.tar.gz">
+  <!ENTITY openssl-download-ftp
+  "ftp://ftp.openssl.org/source/openssl-&openssl-version;.tar.gz">
+  <!ENTITY openssl-md5sum        "07ecbe4324f140d157478637d6beccf1">
   <!ENTITY openssl-size          "3.9 MB">
-  <!ENTITY openssl-buildsize     "54 MB">
-  <!ENTITY openssl-time          "1.1 SBU (additional 0.3 SBU to run the test suite)">
+  <!ENTITY openssl-buildsize     "55 MB">
+  <!ENTITY openssl-time          "1.1 SBU">
 ]>
 
@@ -30 +32 @@
     <title>Introduction to OpenSSL</title>
 
-    <para>The <application>OpenSSL</application> package contains management
-    tools and libraries relating to cryptography.  These are useful for
-    providing cryptography functions to other packages, notably
-    <application>OpenSSH</application>, email applications and web browsers
-    (for accessing HTTPS sites).</para>
+    <para>
+      The <application>OpenSSL</application> package contains management tools
+      and libraries relating to cryptography.  These are useful for providing
+      cryptography functions to other packages, such as
+      <application>OpenSSH</application>, email applications and web browsers
+      (for accessing HTTPS sites).
+    </para>
 
     &lfs70_checked;
@@ -41 +45 @@
     <itemizedlist spacing="compact">
       <listitem>
-        <para>Download (HTTP): <ulink url="&openssl-download-http;"/></para>
-      </listitem>
-      <listitem>
-        <para>Download (FTP): <ulink url="&openssl-download-ftp;"/></para>
-      </listitem>
-      <listitem>
-        <para>Download MD5 sum: &openssl-md5sum;</para>
-      </listitem>
-      <listitem>
-        <para>Download size: &openssl-size;</para>
-      </listitem>
-      <listitem>
-        <para>Estimated disk space required: &openssl-buildsize;</para>
-      </listitem>
-      <listitem>
-        <para>Estimated build time: &openssl-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&openssl-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&openssl-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &openssl-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &openssl-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &openssl-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &openssl-time;
+        </para>
       </listitem>
     </itemizedlist>
@@ -63 +79 @@
     <itemizedlist spacing='compact'>
       <listitem>
-        <para>Required patches: <ulink
-        url="&patch-root;/openssl-&openssl-version;-fix_manpages-1.patch"/></para>
+        <para>
+          Required patch: <ulink
+          url="&patch-root;/openssl-&openssl-version;-fix_manpages-1.patch"/>
+        </para>
       </listitem>
     </itemizedlist>
@@ -71 +89 @@
 
     <bridgehead renderas="sect4">Optional</bridgehead>
-    <para role="optional"><xref linkend="mitkrb"/> or
-    <xref linkend="heimdal"/>, and <xref linkend="bc"/> (required for full
-    coverage by the test suite during the build)</para>
-
-    <para condition="html" role="usernotes">User Notes:
-    <ulink url='&blfs-wiki;/OpenSSL'/></para>
+    <para role="optional">
+      <xref linkend="mitkrb"/> or
+      <xref linkend="heimdal"/> and
+      <xref linkend="bc"/> (required for full coverage by the test suite during
+      the build)
+    </para>
+
+    <para condition="html" role="usernotes">
+      User Notes: <ulink url='&blfs-wiki;/OpenSSL'/>
+    </para>
 
   </sect2>
@@ -83 +105 @@
     <title>Installation of OpenSSL</title>
 
-    <para>Install <application>OpenSSL</application> by running
-    the following commands:</para>
+    <para>
+      Install <application>OpenSSL</application> by running the following
+      commands:
+    </para>
 
 <screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch &amp;&amp;
-
-./config --prefix=/usr         \
-         --openssldir=/etc/ssl \
-         shared                \
-         zlib-dynamic          &amp;&amp;
+./config --prefix=/usr   zlib-dynamic \
+         --openssldir=/etc/ssl shared &amp;&amp;
 make</userinput></screen>
 
-    <para>To test the results, issue: <command>make test</command>.</para>
-
-    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      To test the results, issue: <command>make test</command>.
+    </para>
+
+    <para>
+      If you want to disable installing the static libraries, use this sed:
+    </para>
+
+<screen><userinput>sed -i 's# libcrypto.a##;s# libssl.a##' Makefile</userinput></screen>
+
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 
 <screen role="root"><userinput>make MANDIR=/usr/share/man install                &amp;&amp;
 install -v -d -m755 /usr/share/doc/openssl-&openssl-version; &amp;&amp;
-cp      -v -r       doc/{HOWTO,README,*.{txt,html,gif}} \
-                    /usr/share/doc/openssl-&openssl-version;</userinput></screen>
+cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} /usr/share/doc/openssl-&openssl-version;</userinput></screen>
 
   </sect2>
@@ -108 +138 @@
     <title>Command Explanations</title>
 
-    <para><parameter>shared</parameter>: This parameter forces the creation of
-    shared libraries along with the static libraries.</para>
-
-    <para><parameter>zlib-dynamic</parameter>: This parameter adds
-    compression/decompression functionality using the
-    <filename class="libraryfile">libz</filename> library.</para>
-
-    <para><option>no-rc5 no-idea</option>: When added to the
-    <command>./config</command> command, this will eliminate the building
-    of those encryption methods. Patent licenses may be needed for you to
-    utilize either of those methods in your projects.</para>
-
-    <para><command>make MANDIR=/usr/share/man install</command>: This command
-    installs <application>OpenSSL</application> with the man pages in
-    <filename class='directory'>/usr/share/man</filename> instead of
-    <filename class='directory'>/etc/ssl/man</filename>.</para>
-
-    <!-- <para><option>enable-tlsext</option>: When added to the
-    <command>./config</command> command, this switch will enable TLS
-    Extensions. Currently this is only RFC 3546 and 4507bis for Server Name
-    Indication.  This allows the use of multiple SSL certificates with multiple
-    virtual hosts in Apache, while using only one IP address and one port for
-    all virtual hosts.</para> -->
-
+    <para>
+      <parameter>shared</parameter>: This parameter forces the creation of
+      shared libraries along with the static libraries.
+    </para>
+
+    <para>
+      <parameter>zlib-dynamic</parameter>: This parameter adds
+      compression/decompression functionality using the
+      <filename class="libraryfile">libz</filename> library.
+    </para>
+
+    <para>
+      <option>no-rc5 no-idea</option>: When added to the
+      <command>./config</command> command, this will eliminate the building
+      of those encryption methods. Patent licenses may be needed for you to
+      utilize either of those methods in your projects.
+    </para>
+
+    <para>
+      <command>make MANDIR=/usr/share/man install</command>: This command
+      installs <application>OpenSSL</application> with the man pages in
+      <filename class='directory'>/usr/share/man</filename> instead of
+      <filename class='directory'>/etc/ssl/man</filename>.
+    </para>
   </sect2>
 
@@ -140 +170 @@
       <title>Config Files</title>
 
-      <para><filename>/etc/ssl/openssl.cnf</filename></para>
+      <para>
+      <filename>/etc/ssl/openssl.cnf</filename>
+      </para>
 
       <indexterm zone="openssl openssl-config">
@@ -147 +179 @@
 
     </sect3>
-
     <sect3>
       <title>Configuration Information</title>
 
-      <para>Most users will want to install Certificate Authority Certificates
-      for validataion of downloaded certificates.  For example, these
-      certificates are used by <xref linkend='firefox'/> or <xref
-      linkend='wget'/> when accessing secure (https protocol) sites.  To do this, 
-      follow the instructions from the <xref linkend='cacerts'/> page.</para> 
-
-      <para>Users who just want to use <application>OpenSSL</application> for
-      providing functions to other programs such as
-      <application>OpenSSH</application> and web browsers do not need to worry
-      about additional configuration. This is an advanced topic and so those
-      who do need it would normally be expected to either know how to properly
-      update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
-      how to do it.</para>
-
+      <para>
+        Most users will want to install Certificate Authority Certificates
+        for validataion of downloaded certificates.  For example, these
+        certificates are used by <xref linkend='git'/>, <xref linkend='curl'/>
+        or <xref linkend='wget'/> when accessing secure (https protocol) sites.
+        To do this, follow the instructions from the <xref linkend='cacerts'/>
+        page.
+      </para> 
+
+      <para>
+        Users who just want to use <application>OpenSSL</application> for
+        providing functions to other programs such as
+        <application>OpenSSH</application> and web browsers do not need to worry
+        about additional configuration. This is an advanced topic and so those
+        who do need it would normally be expected to either know how to properly
+        update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
+        how to do it.
+      </para>
     </sect3>
-
   </sect2>
 
@@ -179 +213 @@
       <seglistitem>
         <seg>c_rehash and openssl</seg>
-        <seg>libcrypto.{so,a}, libssl.{so,a}, and additional encryption
-        libraries in /usr/lib/engines/ (lib4758cca.so, libaep.so,
-        libatalla.so, libcapi.so, libchil.so, libcswift.so, libgmp.so,
-        libgost.so, libnuron.so, libpadlock.so, libsureware.so, and
-        libubsec.so)</seg>
+        <seg>
+          libcrypto.{so,a}, libssl.{so,a}, and additional encryption
+          libraries in /usr/lib/engines/ (lib4758cca.so, libaep.so,
+          libatalla.so, libcapi.so, libchil.so, libcswift.so, libgmp.so,
+          libgost.so, libnuron.so, libpadlock.so, libsureware.so, and
+          libubsec.so)
+        </seg>
         <seg>/etc/ssl, /usr/include/openssl, /usr/lib/engines
         and /usr/share/doc/openssl-&openssl-version;</seg>
@@ -197 +233 @@
         <term><command>c_rehash</command></term>
         <listitem>
-          <para>is a <application>Perl</application> script that scans
-          all files in a directory and adds symbolic links to their hash
-          values.</para>
+          <para>
+            is a <application>Perl</application> script that scans all files in
+            a directory and adds symbolic links to their hash values.
+          </para>
           <indexterm zone="openssl c_rehash">
             <primary sortas="b-c_rehash">c_rehash</primary>
@@ -209 +246 @@
         <term><command>openssl</command></term>
         <listitem>
-          <para>is a command-line tool for using the various cryptography
-          functions of <application>OpenSSL</application>'s crypto
-          library from the shell. It can be used for various functions which are
-          documented in <command>man 1 openssl</command>.</para>
+          <para>
+            is a command-line tool for using the various cryptography functions
+            of <application>OpenSSL</application>'s crypto library from the
+            shell. It can be used for various functions which are documented in
+            <command>man 1 openssl</command>.
+          </para>
           <indexterm zone="openssl openssl-prog">
             <primary sortas="b-openssl">openssl</primary>
@@ -222 +261 @@
         <term><filename class='libraryfile'>libcrypto.{so,a}</filename></term>
         <listitem>
-          <para>implements a wide range of cryptographic algorithms used in
-          various Internet standards. The services provided by  this library
-          are used by the <application>OpenSSL</application> implementations of
-          SSL, TLS and S/MIME, and they have also been used to implement
-          <application>OpenSSH</application>, <application>OpenPGP</application>,
-          and other cryptographic standards.</para>
+          <para>
+            implements a wide range of cryptographic algorithms used in various
+            Internet standards. The services provided by  this library are used
+            by the <application>OpenSSL</application> implementations of SSL,
+            TLS and S/MIME, and they have also been used to implement
+            <application>OpenSSH</application>,
+            <application>OpenPGP</application>, and other cryptographic
+            standards.
+          </para>
           <indexterm zone="openssl libcrypto">
             <primary sortas="c-libcrypto">libcrypto.{so,a}</primary>
@@ -237 +279 @@
         <term><filename class='libraryfile'>libssl.{so,a}</filename></term>
         <listitem>
-          <para>implements the Secure Sockets Layer (SSL v2/v3) and Transport
-          Layer Security (TLS v1) protocols. It provides a rich API, documentation
-          on which can be found by running <command>man 3 ssl</command>.</para>
+          <para>
+            implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer
+            Security (TLS v1) protocols. It provides a rich API, documentation
+            on which can be found by running <command>man 3 ssl</command>.
+          </para>
           <indexterm zone="openssl libssl">
             <primary sortas="c-libssl">libssl.{so,a}</primary>
@@ -245 +289 @@
         </listitem>
       </varlistentry>
-
     </variablelist>
-
-  </sect2>
-
+  </sect2>
 </sect1>