Context Navigation

source: chapter08/openssl.xml@ 5042efcc

Visit:

11.3 11.3-rc1 12.0 12.0-rc1 12.1 12.1-rc1 bdubbs/gcc13 multilib renodr/libudev-from-systemd trunk xry111/arm64 xry111/arm64-12.0 xry111/clfs-ng xry111/loongarch xry111/loongarch-12.0 xry111/loongarch-12.1 xry111/mips64el xry111/update-glibc

Last change on this file since 5042efcc was 5042efcc, checked in by David Bryant <davidbryant@…>, 17 months ago
Fix a grammatical error (subject / verb number). Improve English idiom.
Property mode set to `100644`
File size: 7.0 KB

Rev	Line
[e5474751]	1	<?xml version="1.0" encoding="ISO-8859-1"?>
	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
	4	<!ENTITY % general-entities SYSTEM "../general.ent">
	5	%general-entities;
	6	]>
	7
	8	<sect1 id="ch-system-openssl" role="wrap">
	9	<?dbhtml filename="openssl.html"?>
	10
	11	<sect1info condition="script">
	12	<productname>openssl</productname>
	13	<productnumber>&openssl-version;</productnumber>
	14	<address>&openssl-url;</address>
	15	</sect1info>
	16
	17	<title>OpenSSL-&openssl-version;</title>
	18
	19	<indexterm zone="ch-system-openssl">
	20	<primary sortas="a-OpenSSL">OpenSSL</primary>
	21	</indexterm>
	22
	23	<sect2 role="package">
	24	<title/>
	25
	26	<para>The OpenSSL package contains management tools and libraries relating
	27	to cryptography. These are useful for providing cryptographic functions
[6a156bab]	28	to other packages, such as OpenSSH, email applications, and web browsers
[e5474751]	29	(for accessing HTTPS sites). </para>
	30
	31	<segmentedlist>
	32	<segtitle>&buildtime;</segtitle>
	33	<segtitle>&diskspace;</segtitle>
	34
	35	<seglistitem>
[fb386e0]	36	<seg>&openssl-fin-sbu;</seg>
	37	<seg>&openssl-fin-du;</seg>
[e5474751]	38	</seglistitem>
	39	</segmentedlist>
	40
	41	</sect2>
	42
	43	<sect2 role="installation">
	44	<title>Installation of OpenSSL</title>
[f1b9d9d]	45	<!--
[e5e442c]	46	<para>First fix a problem with some advanced architectures with avx512
[0d80e532]	47	capability:</para>
	48
	49	<screen><userinput remap="pre">sed -e '/bn_reduce.m1/i\ factor_size /= sizeof(BN_ULONG) 8;' \
	50	-i crypto/bn/rsaz_exp_x2.c</userinput></screen>
[f1b9d9d]	51	-->
[e5474751]	52	<para>Prepare OpenSSL for compilation:</para>
	53
	54	<screen><userinput remap="configure">./config --prefix=/usr \
	55	--openssldir=/etc/ssl \
	56	--libdir=lib \
	57	shared \
	58	zlib-dynamic</userinput></screen>
	59
	60	<para>Compile the package:</para>
	61
	62	<screen><userinput remap="make">make</userinput></screen>
	63
	64	<para>To test the results, issue:</para>
	65
	66	<screen><userinput remap="test">make test</userinput></screen>
[a751c8d]	67
[3dc8226]	68	<para>One test, 30-test_afalg.t, is known to fail on some kernel
	69	configurations (depending on inconsistent values of
	70	CONFIG_CRYPTO_USER_API* settings.) If it fails, it can safely be
	71	ignored.</para>
[a751c8d]	72
[e5474751]	73	<para>Install the package:</para>
	74
	75	<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
	76	make MANSUFFIX=ssl install</userinput></screen>
	77
[f82ef49]	78	<para>Add the version to the documentation directory name, to be
	79	consistent with other packages:</para>
[e5474751]	80
[f82ef49]	81	<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>
	82
	83	<para>If desired, install some additional documentation:</para>
	84
	85	<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
[e5474751]	86
[6df63e4]	87	<note>
	88	<para>
	89	You should update OpenSSL when a new version which fixes vulnerabilities
[0d7dbaf]	90	is announced. Since OpenSSL 3.0.0, the OpenSSL versioning scheme
	91	follows the MAJOR.MINOR.PATCH format. API/ABI compatibility
[5042efcc]	92	is guaranteed for the same MAJOR version number. Because LFS
[0d7dbaf]	93	installs only the shared libraries, there is no need to recompile
	94	packages which link to
	95	<filename class="libraryfile">libcrypto.so</filename> or
[6df63e4]	96	<filename class="libraryfile">libssl.so</filename>
[5042efcc]	97	<emphasis>when upgrading to a version with the same MAJOR version
	98	number</emphasis>.
[6df63e4]	99	</para>
	100
	101	<para>
	102	However, any running programs linked to those libraries need to be stopped
[59fef4c]	103	and restarted. Read the related entries in
	104	<xref linkend='pkgmgmt-upgrade-issues'/> for details.
[6df63e4]	105	</para>
	106
	107	</note>
	108
[e5474751]	109	</sect2>
	110
	111	<sect2 id="contents-openssl" role="content">
	112	<title>Contents of OpenSSL</title>
	113
	114	<segmentedlist>
	115	<segtitle>Installed programs</segtitle>
	116	<segtitle>Installed libraries</segtitle>
	117	<segtitle>Installed directories</segtitle>
	118
	119	<seglistitem>
	120	<seg>
	121	c_rehash and openssl
	122	</seg>
	123	<seg>
[68a5dcb9]	124	libcrypto.so and libssl.so
[e5474751]	125	</seg>
	126	<seg>
	127	/etc/ssl,
	128	/usr/include/openssl,
	129	/usr/lib/engines and
	130	/usr/share/doc/openssl-&openssl-version;
	131	</seg>
	132	</seglistitem>
	133	</segmentedlist>
	134
	135	<variablelist>
	136	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	137	<?dbfo list-presentation="list"?>
	138	<?dbhtml list-presentation="table"?>
	139
	140	<varlistentry id="c_rehash">
	141	<term><command>c_rehash</command></term>
	142	<listitem>
	143	<para>
[0b0fa07]	144	is a <application>Perl</application> script that
	145	scans all files in a directory and adds symbolic links to their
	146	hash values. Use of <command>c_rehash</command> is considered
	147	obsolete and should be replaced by
	148	<command>openssl rehash</command> command
[e5474751]	149	</para>
	150	<indexterm zone="ch-system-openssl c_rehash">
	151	<primary sortas="b-c_rehash">c_rehash</primary>
	152	</indexterm>
	153	</listitem>
	154	</varlistentry>
	155
	156	<varlistentry id="openssl-prog">
	157	<term><command>openssl</command></term>
	158	<listitem>
	159	<para>
	160	is a command-line tool for using the various cryptography functions
	161	of <application>OpenSSL</application>'s crypto library from the
	162	shell. It can be used for various functions which are documented in
[8d35535]	163	<command>man 1 openssl</command>
[e5474751]	164	</para>
	165	<indexterm zone="ch-system-openssl openssl-prog">
	166	<primary sortas="b-openssl">openssl</primary>
	167	</indexterm>
	168	</listitem>
	169	</varlistentry>
	170
	171	<varlistentry id="libcrypto">
	172	<term><filename class="libraryfile">libcrypto.so</filename></term>
	173	<listitem>
	174	<para>
	175	implements a wide range of cryptographic algorithms used in various
	176	Internet standards. The services provided by this library are used
	177	by the <application>OpenSSL</application> implementations of SSL,
	178	TLS and S/MIME, and they have also been used to implement
	179	<application>OpenSSH</application>,
	180	<application>OpenPGP</application>, and other cryptographic
[8d35535]	181	standards
[e5474751]	182	</para>
	183	<indexterm zone="ch-system-openssl libcrypto">
	184	<primary sortas="c-libcrypto">libcrypto.so</primary>
	185	</indexterm>
	186	</listitem>
	187	</varlistentry>
	188
	189	<varlistentry id="libssl">
	190	<term><filename class="libraryfile">libssl.so</filename></term>
	191	<listitem>
	192	<para>
	193	implements the Transport Layer Security (TLS v1) protocol.
	194	It provides a rich API, documentation
[8d35535]	195	on which can be found by running <command>man 3 ssl</command>
[e5474751]	196	</para>
	197	<indexterm zone="ch-system-openssl libssl">
	198	<primary sortas="c-libssl">libssl.so</primary>
	199	</indexterm>
	200	</listitem>
	201	</varlistentry>
	202
	203	</variablelist>
	204
	205	</sect2>
	206
	207	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: