Context Navigation

source: chapter08/openssl.xml@ 23c21ef

Visit:

multilib xry111/multilib ml-11.3

Last change on this file since 23c21ef was fae43efc, checked in by Thomas Trepl <thomas@…>, 19 months ago
Automatic merge of trunk into multilib
Property mode set to `100644`
File size: 8.9 KB

Rev	Line
[e5474751]	1	<?xml version="1.0" encoding="ISO-8859-1"?>
	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
	4	<!ENTITY % general-entities SYSTEM "../general.ent">
	5	%general-entities;
	6	]>
	7
	8	<sect1 id="ch-system-openssl" role="wrap">
	9	<?dbhtml filename="openssl.html"?>
	10
	11	<sect1info condition="script">
	12	<productname>openssl</productname>
	13	<productnumber>&openssl-version;</productnumber>
	14	<address>&openssl-url;</address>
	15	</sect1info>
	16
	17	<title>OpenSSL-&openssl-version;</title>
	18
	19	<indexterm zone="ch-system-openssl">
	20	<primary sortas="a-OpenSSL">OpenSSL</primary>
	21	</indexterm>
	22
	23	<sect2 role="package">
	24	<title/>
	25
	26	<para>The OpenSSL package contains management tools and libraries relating
	27	to cryptography. These are useful for providing cryptographic functions
[6dfcfecc]	28	to other packages, such as OpenSSH, email applications, and web browsers
[e5474751]	29	(for accessing HTTPS sites). </para>
	30
	31	<segmentedlist>
	32	<segtitle>&buildtime;</segtitle>
	33	<segtitle>&diskspace;</segtitle>
	34
	35	<seglistitem>
[6dfcfecc]	36	<seg>&openssl-fin-sbu;</seg>
	37	<seg>&openssl-fin-du;</seg>
[e5474751]	38	</seglistitem>
	39	</segmentedlist>
	40
	41	</sect2>
	42
	43	<sect2 role="installation">
	44	<title>Installation of OpenSSL</title>
[f1b9d9d]	45	<!--
[e5e442c]	46	<para>First fix a problem with some advanced architectures with avx512
[0d80e532]	47	capability:</para>
	48
	49	<screen><userinput remap="pre">sed -e '/bn_reduce.m1/i\ factor_size /= sizeof(BN_ULONG) 8;' \
	50	-i crypto/bn/rsaz_exp_x2.c</userinput></screen>
[f1b9d9d]	51	-->
[e5474751]	52	<para>Prepare OpenSSL for compilation:</para>
	53
	54	<screen><userinput remap="configure">./config --prefix=/usr \
	55	--openssldir=/etc/ssl \
	56	--libdir=lib \
	57	shared \
	58	zlib-dynamic</userinput></screen>
	59
	60	<para>Compile the package:</para>
	61
	62	<screen><userinput remap="make">make</userinput></screen>
	63
	64	<para>To test the results, issue:</para>
	65
	66	<screen><userinput remap="test">make test</userinput></screen>
[d7f58cc]	67
[3dc8226]	68	<para>One test, 30-test_afalg.t, is known to fail on some kernel
	69	configurations (depending on inconsistent values of
	70	CONFIG_CRYPTO_USER_API* settings.) If it fails, it can safely be
	71	ignored.</para>
[d7f58cc]	72
[e5474751]	73	<para>Install the package:</para>
	74
	75	<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
	76	make MANSUFFIX=ssl install</userinput></screen>
	77
[38de42d]	78	<para>Add the version to the documentation directory name, to be
	79	consistent with other packages:</para>
[e5474751]	80
[38de42d]	81	<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>
	82
	83	<para>If desired, install some additional documentation:</para>
	84
	85	<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
[e5474751]	86
[6df63e4]	87	<note>
	88	<para>
	89	You should update OpenSSL when a new version which fixes vulnerabilities
[0d7dbaf]	90	is announced. Since OpenSSL 3.0.0, the OpenSSL versioning scheme
	91	follows the MAJOR.MINOR.PATCH format. API/ABI compatibility
[5042efcc]	92	is guaranteed for the same MAJOR version number. Because LFS
[0d7dbaf]	93	installs only the shared libraries, there is no need to recompile
	94	packages which link to
	95	<filename class="libraryfile">libcrypto.so</filename> or
[6df63e4]	96	<filename class="libraryfile">libssl.so</filename>
[5042efcc]	97	<emphasis>when upgrading to a version with the same MAJOR version
	98	number</emphasis>.
[6df63e4]	99	</para>
	100
	101	<para>
	102	However, any running programs linked to those libraries need to be stopped
[59fef4c]	103	and restarted. Read the related entries in
	104	<xref linkend='pkgmgmt-upgrade-issues'/> for details.
[6df63e4]	105	</para>
	106
	107	</note>
	108
[e5474751]	109	</sect2>
	110
[6dfcfecc]	111	<!-- - - - - - - - - - -->
	112	<!-- Multilib - 32bit -->
	113	<!-- - - - - - - - - - -->
[fd48baa]	114
	115	<sect2 arch="ml_32,ml_all" role="installation">
[6dfcfecc]	116	<title>Installation of OpenSSL - 32bit</title>
[b3f1ebb3]	117
	118	<para>Clean previous build:</para>
	119
	120	<screen><userinput remap="pre">make distclean</userinput></screen>
	121
	122	<para>Prepare OpenSSL for compilation:</para>
	123
[9d1c903]	124	<screen><userinput remap="configure">CFLAGS="-m32 -march=i686 -Wall -O3" CXXFLAGS="$CFLAGS" \
	125	./config --prefix=/usr \
	126	--openssldir=/etc/ssl \
	127	--libdir=lib32 \
	128	shared \
	129	zlib-dynamic \
	130	linux-generic32</userinput></screen>
[b3f1ebb3]	131
	132	<para>Compile the package:</para>
	133
	134	<screen><userinput remap="make">make</userinput></screen>
[6dfcfecc]	135
[b3f1ebb3]	136	<para>Install the package:</para>
	137
	138	<screen><userinput remap="install">make DESTDIR=$PWD/DESTDIR install
[0ebda11]	139	cp -Rv DESTDIR/usr/lib32/* /usr/lib32
[b3f1ebb3]	140	rm -rf DESTDIR</userinput></screen>
	141
[6dfcfecc]	142	</sect2><!-- m32 -->
[b3f1ebb3]	143
[6dfcfecc]	144	<!-- - - - - - - - - - -->
	145	<!-- Multilib - x32bit -->
	146	<!-- - - - - - - - - - -->
[fd48baa]	147
	148	<sect2 arch="ml_x32,ml_all" role="installation">
[6dfcfecc]	149	<title>Installation of OpenSSL - x32bit</title>
[b3f1ebb3]	150
	151	<para>Clean previous build:</para>
	152
	153	<screen><userinput remap="pre">make distclean</userinput></screen>
	154
	155	<para>Prepare OpenSSL for compilation:</para>
	156
[9d1c903]	157	<screen><userinput remap="configure">CFLAGS="-mx32 -march=x86-64 -Wall -O3" CXXFLAGS="$CFLAGS" \
	158	./config --prefix=/usr \
	159	--openssldir=/etc/ssl \
	160	--libdir=libx32 \
	161	shared \
	162	zlib-dynamic \
	163	linux-x32</userinput></screen>
[b3f1ebb3]	164
	165	<para>Compile the package:</para>
	166
	167	<screen><userinput remap="make">make</userinput></screen>
[6dfcfecc]	168
[b3f1ebb3]	169	<para>Install the package:</para>
	170
	171	<screen><userinput remap="install">make DESTDIR=$PWD/DESTDIR install
[0ebda11]	172	cp -Rv DESTDIR/usr/libx32/* /usr/libx32
[b3f1ebb3]	173	rm -rf DESTDIR</userinput></screen>
	174
[6dfcfecc]	175	</sect2><!-- mx32 -->
[b3f1ebb3]	176
[e5474751]	177	<sect2 id="contents-openssl" role="content">
	178	<title>Contents of OpenSSL</title>
	179
	180	<segmentedlist>
	181	<segtitle>Installed programs</segtitle>
	182	<segtitle>Installed libraries</segtitle>
	183	<segtitle>Installed directories</segtitle>
	184
	185	<seglistitem>
	186	<seg>
	187	c_rehash and openssl
	188	</seg>
	189	<seg>
[032dc4e8]	190	libcrypto.so and libssl.so
[e5474751]	191	</seg>
	192	<seg>
	193	/etc/ssl,
	194	/usr/include/openssl,
	195	/usr/lib/engines and
	196	/usr/share/doc/openssl-&openssl-version;
	197	</seg>
	198	</seglistitem>
	199	</segmentedlist>
	200
	201	<variablelist>
	202	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	203	<?dbfo list-presentation="list"?>
	204	<?dbhtml list-presentation="table"?>
	205
	206	<varlistentry id="c_rehash">
	207	<term><command>c_rehash</command></term>
	208	<listitem>
	209	<para>
[0b0fa07]	210	is a <application>Perl</application> script that
	211	scans all files in a directory and adds symbolic links to their
	212	hash values. Use of <command>c_rehash</command> is considered
	213	obsolete and should be replaced by
	214	<command>openssl rehash</command> command
[e5474751]	215	</para>
	216	<indexterm zone="ch-system-openssl c_rehash">
	217	<primary sortas="b-c_rehash">c_rehash</primary>
	218	</indexterm>
	219	</listitem>
	220	</varlistentry>
	221
	222	<varlistentry id="openssl-prog">
	223	<term><command>openssl</command></term>
	224	<listitem>
	225	<para>
	226	is a command-line tool for using the various cryptography functions
	227	of <application>OpenSSL</application>'s crypto library from the
	228	shell. It can be used for various functions which are documented in
[4c8c128]	229	<command>man 1 openssl</command>
[e5474751]	230	</para>
	231	<indexterm zone="ch-system-openssl openssl-prog">
	232	<primary sortas="b-openssl">openssl</primary>
	233	</indexterm>
	234	</listitem>
	235	</varlistentry>
	236
	237	<varlistentry id="libcrypto">
	238	<term><filename class="libraryfile">libcrypto.so</filename></term>
	239	<listitem>
	240	<para>
	241	implements a wide range of cryptographic algorithms used in various
	242	Internet standards. The services provided by this library are used
	243	by the <application>OpenSSL</application> implementations of SSL,
	244	TLS and S/MIME, and they have also been used to implement
	245	<application>OpenSSH</application>,
	246	<application>OpenPGP</application>, and other cryptographic
[4c8c128]	247	standards
[e5474751]	248	</para>
	249	<indexterm zone="ch-system-openssl libcrypto">
	250	<primary sortas="c-libcrypto">libcrypto.so</primary>
	251	</indexterm>
	252	</listitem>
	253	</varlistentry>
	254
	255	<varlistentry id="libssl">
	256	<term><filename class="libraryfile">libssl.so</filename></term>
	257	<listitem>
	258	<para>
	259	implements the Transport Layer Security (TLS v1) protocol.
	260	It provides a rich API, documentation
[ce536f9]	261	on which can be found by running <command>man 7 ssl</command>
[e5474751]	262	</para>
	263	<indexterm zone="ch-system-openssl libssl">
	264	<primary sortas="c-libssl">libssl.so</primary>
	265	</indexterm>
	266	</listitem>
	267	</varlistentry>
	268
	269	</variablelist>
	270
	271	</sect2>
	272
	273	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: