Changeset bbdb0d16
- Timestamp:
- 03/02/2012 02:29:21 PM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- f3a295dc
- Parents:
- 27b160c
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/openssl.xml
r27b160c rbbdb0d16 5 5 %general-entities; 6 6 7 <!ENTITY openssl-download-http "http://www.openssl.org/source/openssl-&openssl-version;.tar.gz"> 8 <!ENTITY openssl-download-ftp "ftp://ftp.openssl.org/source/openssl-&openssl-version;.tar.gz"> 9 <!ENTITY openssl-md5sum "7040b89c4c58c7a1016c0dfa6e821c86"> 7 <!ENTITY openssl-download-http 8 "http://www.openssl.org/source/openssl-&openssl-version;.tar.gz"> 9 <!ENTITY openssl-download-ftp 10 "ftp://ftp.openssl.org/source/openssl-&openssl-version;.tar.gz"> 11 <!ENTITY openssl-md5sum "07ecbe4324f140d157478637d6beccf1"> 10 12 <!ENTITY openssl-size "3.9 MB"> 11 <!ENTITY openssl-buildsize "5 4MB">12 <!ENTITY openssl-time "1.1 SBU (additional 0.3 SBU to run the test suite)">13 <!ENTITY openssl-buildsize "55 MB"> 14 <!ENTITY openssl-time "1.1 SBU"> 13 15 ]> 14 16 … … 30 32 <title>Introduction to OpenSSL</title> 31 33 32 <para>The <application>OpenSSL</application> package contains management 33 tools and libraries relating to cryptography. These are useful for 34 providing cryptography functions to other packages, notably 35 <application>OpenSSH</application>, email applications and web browsers 36 (for accessing HTTPS sites).</para> 34 <para> 35 The <application>OpenSSL</application> package contains management tools 36 and libraries relating to cryptography. These are useful for providing 37 cryptography functions to other packages, such as 38 <application>OpenSSH</application>, email applications and web browsers 39 (for accessing HTTPS sites). 40 </para> 37 41 38 42 &lfs70_checked; … … 41 45 <itemizedlist spacing="compact"> 42 46 <listitem> 43 <para>Download (HTTP): <ulink url="&openssl-download-http;"/></para> 44 </listitem> 45 <listitem> 46 <para>Download (FTP): <ulink url="&openssl-download-ftp;"/></para> 47 </listitem> 48 <listitem> 49 <para>Download MD5 sum: &openssl-md5sum;</para> 50 </listitem> 51 <listitem> 52 <para>Download size: &openssl-size;</para> 53 </listitem> 54 <listitem> 55 <para>Estimated disk space required: &openssl-buildsize;</para> 56 </listitem> 57 <listitem> 58 <para>Estimated build time: &openssl-time;</para> 47 <para> 48 Download (HTTP): <ulink url="&openssl-download-http;"/> 49 </para> 50 </listitem> 51 <listitem> 52 <para> 53 Download (FTP): <ulink url="&openssl-download-ftp;"/> 54 </para> 55 </listitem> 56 <listitem> 57 <para> 58 Download MD5 sum: &openssl-md5sum; 59 </para> 60 </listitem> 61 <listitem> 62 <para> 63 Download size: &openssl-size; 64 </para> 65 </listitem> 66 <listitem> 67 <para> 68 Estimated disk space required: &openssl-buildsize; 69 </para> 70 </listitem> 71 <listitem> 72 <para> 73 Estimated build time: &openssl-time; 74 </para> 59 75 </listitem> 60 76 </itemizedlist> … … 63 79 <itemizedlist spacing='compact'> 64 80 <listitem> 65 <para>Required patches: <ulink 66 url="&patch-root;/openssl-&openssl-version;-fix_manpages-1.patch"/></para> 81 <para> 82 Required patch: <ulink 83 url="&patch-root;/openssl-&openssl-version;-fix_manpages-1.patch"/> 84 </para> 67 85 </listitem> 68 86 </itemizedlist> … … 71 89 72 90 <bridgehead renderas="sect4">Optional</bridgehead> 73 <para role="optional"><xref linkend="mitkrb"/> or 74 <xref linkend="heimdal"/>, and <xref linkend="bc"/> (required for full 75 coverage by the test suite during the build)</para> 76 77 <para condition="html" role="usernotes">User Notes: 78 <ulink url='&blfs-wiki;/OpenSSL'/></para> 91 <para role="optional"> 92 <xref linkend="mitkrb"/> or 93 <xref linkend="heimdal"/> and 94 <xref linkend="bc"/> (required for full coverage by the test suite during 95 the build) 96 </para> 97 98 <para condition="html" role="usernotes"> 99 User Notes: <ulink url='&blfs-wiki;/OpenSSL'/> 100 </para> 79 101 80 102 </sect2> … … 83 105 <title>Installation of OpenSSL</title> 84 106 85 <para>Install <application>OpenSSL</application> by running 86 the following commands:</para> 107 <para> 108 Install <application>OpenSSL</application> by running the following 109 commands: 110 </para> 87 111 88 112 <screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch && 89 90 ./config --prefix=/usr \ 91 --openssldir=/etc/ssl \ 92 shared \ 93 zlib-dynamic && 113 ./config --prefix=/usr zlib-dynamic \ 114 --openssldir=/etc/ssl shared && 94 115 make</userinput></screen> 95 116 96 <para>To test the results, issue: <command>make test</command>.</para> 97 98 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 117 <para> 118 To test the results, issue: <command>make test</command>. 119 </para> 120 121 <para> 122 If you want to disable installing the static libraries, use this sed: 123 </para> 124 125 <screen><userinput>sed -i 's# libcrypto.a##;s# libssl.a##' Makefile</userinput></screen> 126 127 <para> 128 Now, as the <systemitem class="username">root</systemitem> user: 129 </para> 99 130 100 131 <screen role="root"><userinput>make MANDIR=/usr/share/man install && 101 132 install -v -d -m755 /usr/share/doc/openssl-&openssl-version; && 102 cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \ 103 /usr/share/doc/openssl-&openssl-version;</userinput></screen> 133 cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} /usr/share/doc/openssl-&openssl-version;</userinput></screen> 104 134 105 135 </sect2> … … 108 138 <title>Command Explanations</title> 109 139 110 <para> <parameter>shared</parameter>: This parameter forces the creation of111 shared libraries along with the static libraries.</para>112 113 < para><parameter>zlib-dynamic</parameter>: This parameter adds114 compression/decompression functionality using the 115 < filename class="libraryfile">libz</filename> library.</para>116 117 <para><option>no-rc5 no-idea</option>: When added tothe118 <command>./config</command> command, this will eliminate the building119 of those encryption methods. Patent licenses may be needed for you to120 utilize either of those methods in your projects.</para> 121 122 <para><command>make MANDIR=/usr/share/man install</command>: This command123 installs <application>OpenSSL</application> with the man pages in124 <filename class='directory'>/usr/share/man</filename> instead of125 <filename class='directory'>/etc/ssl/man</filename>.</para>126 127 <!-- <para><option>enable-tlsext</option>: When added to the 128 < command>./config</command> command, this switch will enable TLS129 Extensions. Currently this is only RFC 3546 and 4507bis for Server Name130 Indication. This allows the use of multiple SSL certificates with multiple131 virtual hosts in Apache, while using only one IP address and one port for132 all virtual hosts.</para> -->133 140 <para> 141 <parameter>shared</parameter>: This parameter forces the creation of 142 shared libraries along with the static libraries. 143 </para> 144 145 <para> 146 <parameter>zlib-dynamic</parameter>: This parameter adds 147 compression/decompression functionality using the 148 <filename class="libraryfile">libz</filename> library. 149 </para> 150 151 <para> 152 <option>no-rc5 no-idea</option>: When added to the 153 <command>./config</command> command, this will eliminate the building 154 of those encryption methods. Patent licenses may be needed for you to 155 utilize either of those methods in your projects. 156 </para> 157 158 <para> 159 <command>make MANDIR=/usr/share/man install</command>: This command 160 installs <application>OpenSSL</application> with the man pages in 161 <filename class='directory'>/usr/share/man</filename> instead of 162 <filename class='directory'>/etc/ssl/man</filename>. 163 </para> 134 164 </sect2> 135 165 … … 140 170 <title>Config Files</title> 141 171 142 <para><filename>/etc/ssl/openssl.cnf</filename></para> 172 <para> 173 <filename>/etc/ssl/openssl.cnf</filename> 174 </para> 143 175 144 176 <indexterm zone="openssl openssl-config"> … … 147 179 148 180 </sect3> 149 150 181 <sect3> 151 182 <title>Configuration Information</title> 152 183 153 <para>Most users will want to install Certificate Authority Certificates 154 for validataion of downloaded certificates. For example, these 155 certificates are used by <xref linkend='firefox'/> or <xref 156 linkend='wget'/> when accessing secure (https protocol) sites. To do this, 157 follow the instructions from the <xref linkend='cacerts'/> page.</para> 158 159 <para>Users who just want to use <application>OpenSSL</application> for 160 providing functions to other programs such as 161 <application>OpenSSH</application> and web browsers do not need to worry 162 about additional configuration. This is an advanced topic and so those 163 who do need it would normally be expected to either know how to properly 164 update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out 165 how to do it.</para> 166 184 <para> 185 Most users will want to install Certificate Authority Certificates 186 for validataion of downloaded certificates. For example, these 187 certificates are used by <xref linkend='git'/>, <xref linkend='curl'/> 188 or <xref linkend='wget'/> when accessing secure (https protocol) sites. 189 To do this, follow the instructions from the <xref linkend='cacerts'/> 190 page. 191 </para> 192 193 <para> 194 Users who just want to use <application>OpenSSL</application> for 195 providing functions to other programs such as 196 <application>OpenSSH</application> and web browsers do not need to worry 197 about additional configuration. This is an advanced topic and so those 198 who do need it would normally be expected to either know how to properly 199 update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out 200 how to do it. 201 </para> 167 202 </sect3> 168 169 203 </sect2> 170 204 … … 179 213 <seglistitem> 180 214 <seg>c_rehash and openssl</seg> 181 <seg>libcrypto.{so,a}, libssl.{so,a}, and additional encryption 182 libraries in /usr/lib/engines/ (lib4758cca.so, libaep.so, 183 libatalla.so, libcapi.so, libchil.so, libcswift.so, libgmp.so, 184 libgost.so, libnuron.so, libpadlock.so, libsureware.so, and 185 libubsec.so)</seg> 215 <seg> 216 libcrypto.{so,a}, libssl.{so,a}, and additional encryption 217 libraries in /usr/lib/engines/ (lib4758cca.so, libaep.so, 218 libatalla.so, libcapi.so, libchil.so, libcswift.so, libgmp.so, 219 libgost.so, libnuron.so, libpadlock.so, libsureware.so, and 220 libubsec.so) 221 </seg> 186 222 <seg>/etc/ssl, /usr/include/openssl, /usr/lib/engines 187 223 and /usr/share/doc/openssl-&openssl-version;</seg> … … 197 233 <term><command>c_rehash</command></term> 198 234 <listitem> 199 <para>is a <application>Perl</application> script that scans 200 all files in a directory and adds symbolic links to their hash 201 values.</para> 235 <para> 236 is a <application>Perl</application> script that scans all files in 237 a directory and adds symbolic links to their hash values. 238 </para> 202 239 <indexterm zone="openssl c_rehash"> 203 240 <primary sortas="b-c_rehash">c_rehash</primary> … … 209 246 <term><command>openssl</command></term> 210 247 <listitem> 211 <para>is a command-line tool for using the various cryptography 212 functions of <application>OpenSSL</application>'s crypto 213 library from the shell. It can be used for various functions which are 214 documented in <command>man 1 openssl</command>.</para> 248 <para> 249 is a command-line tool for using the various cryptography functions 250 of <application>OpenSSL</application>'s crypto library from the 251 shell. It can be used for various functions which are documented in 252 <command>man 1 openssl</command>. 253 </para> 215 254 <indexterm zone="openssl openssl-prog"> 216 255 <primary sortas="b-openssl">openssl</primary> … … 222 261 <term><filename class='libraryfile'>libcrypto.{so,a}</filename></term> 223 262 <listitem> 224 <para>implements a wide range of cryptographic algorithms used in 225 various Internet standards. The services provided by this library 226 are used by the <application>OpenSSL</application> implementations of 227 SSL, TLS and S/MIME, and they have also been used to implement 228 <application>OpenSSH</application>, <application>OpenPGP</application>, 229 and other cryptographic standards.</para> 263 <para> 264 implements a wide range of cryptographic algorithms used in various 265 Internet standards. The services provided by this library are used 266 by the <application>OpenSSL</application> implementations of SSL, 267 TLS and S/MIME, and they have also been used to implement 268 <application>OpenSSH</application>, 269 <application>OpenPGP</application>, and other cryptographic 270 standards. 271 </para> 230 272 <indexterm zone="openssl libcrypto"> 231 273 <primary sortas="c-libcrypto">libcrypto.{so,a}</primary> … … 237 279 <term><filename class='libraryfile'>libssl.{so,a}</filename></term> 238 280 <listitem> 239 <para>implements the Secure Sockets Layer (SSL v2/v3) and Transport 240 Layer Security (TLS v1) protocols. It provides a rich API, documentation 241 on which can be found by running <command>man 3 ssl</command>.</para> 281 <para> 282 implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer 283 Security (TLS v1) protocols. It provides a rich API, documentation 284 on which can be found by running <command>man 3 ssl</command>. 285 </para> 242 286 <indexterm zone="openssl libssl"> 243 287 <primary sortas="c-libssl">libssl.{so,a}</primary> … … 245 289 </listitem> 246 290 </varlistentry> 247 248 291 </variablelist> 249 250 </sect2> 251 292 </sect2> 252 293 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.