source: chapter08/openssl.xml@ 0d7dbaf

11.2 11.2-rc1 11.3 11.3-rc1 12.0 12.0-rc1 12.1 12.1-rc1 bdubbs/gcc13 multilib renodr/libudev-from-systemd s6-init trunk xry111/arm64 xry111/arm64-12.0 xry111/clfs-ng xry111/loongarch xry111/loongarch-12.0 xry111/loongarch-12.1 xry111/mips64el xry111/pip3 xry111/rust-wip-20221008 xry111/update-glibc
Last change on this file since 0d7dbaf was 0d7dbaf, checked in by Xi Ruoyao <xry111@…>, 2 years ago

openssl: reword upgrading note for versioning scheme change
  • Property mode set to 100644
File size: 6.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-system-openssl" role="wrap">
9 <?dbhtml filename="openssl.html"?>
10
11 <sect1info condition="script">
12 <productname>openssl</productname>
13 <productnumber>&openssl-version;</productnumber>
14 <address>&openssl-url;</address>
15 </sect1info>
16
17 <title>OpenSSL-&openssl-version;</title>
18
19 <indexterm zone="ch-system-openssl">
20 <primary sortas="a-OpenSSL">OpenSSL</primary>
21 </indexterm>
22
23 <sect2 role="package">
24 <title/>
25
26 <para>The OpenSSL package contains management tools and libraries relating
27 to cryptography. These are useful for providing cryptographic functions
28 to other packages, such as OpenSSH, email applications, and web browsers
29 (for accessing HTTPS sites). </para>
30
31 <segmentedlist>
32 <segtitle>&buildtime;</segtitle>
33 <segtitle>&diskspace;</segtitle>
34
35 <seglistitem>
36 <seg>&openssl-fin-sbu;</seg>
37 <seg>&openssl-fin-du;</seg>
38 </seglistitem>
39 </segmentedlist>
40
41 </sect2>
42
43 <sect2 role="installation">
44 <title>Installation of OpenSSL</title>
45
46 <para>Prepare OpenSSL for compilation:</para>
47
48<screen><userinput remap="configure">./config --prefix=/usr \
49 --openssldir=/etc/ssl \
50 --libdir=lib \
51 shared \
52 zlib-dynamic</userinput></screen>
53
54 <para>Compile the package:</para>
55
56<screen><userinput remap="make">make</userinput></screen>
57
58 <para>To test the results, issue:</para>
59
60<screen><userinput remap="test">make test</userinput></screen>
61
62 <para>One test, 30-test_afalg.t, is known to fail on some kernel
63 configurations (depending on inconsistent values of
64 CONFIG_CRYPTO_USER_API* settings.) If it fails, it can safely be
65 ignored.</para>
66
67 <para>Install the package:</para>
68
69<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
70make MANSUFFIX=ssl install</userinput></screen>
71
72 <para>Add the version to the documentation directory name, to be
73 consistent with other packages:</para>
74
75<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>
76
77 <para>If desired, install some additional documentation:</para>
78
79<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
80
81 <note>
82 <para>
83 You should update OpenSSL when a new version which fixes vulnerabilities
84 is announced. Since OpenSSL 3.0.0, the OpenSSL versioning scheme
85 follows the MAJOR.MINOR.PATCH format. API/ABI compatibility
86 are guaranteed for the same MAJOR version number. Because LFS
87 installs only the shared libraries, there is no need to recompile
88 packages which link to
89 <filename class="libraryfile">libcrypto.so</filename> or
90 <filename class="libraryfile">libssl.so</filename>
91 <emphasis>when upgrading to a version with MAJOR version number
92 unchanged</emphasis>.
93 </para>
94
95 <para>
96 However, any running programs linked to those libraries need to be stopped
97 and restarted. Read the related entries in
98 <xref linkend='pkgmgmt-upgrade-issues'/> for details.
99 </para>
100
101 </note>
102
103 </sect2>
104
105 <sect2 id="contents-openssl" role="content">
106 <title>Contents of OpenSSL</title>
107
108 <segmentedlist>
109 <segtitle>Installed programs</segtitle>
110 <segtitle>Installed libraries</segtitle>
111 <segtitle>Installed directories</segtitle>
112
113 <seglistitem>
114 <seg>
115 c_rehash and openssl
116 </seg>
117 <seg>
118 libcrypto.so and libssl.so
119 </seg>
120 <seg>
121 /etc/ssl,
122 /usr/include/openssl,
123 /usr/lib/engines and
124 /usr/share/doc/openssl-&openssl-version;
125 </seg>
126 </seglistitem>
127 </segmentedlist>
128
129 <variablelist>
130 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
131 <?dbfo list-presentation="list"?>
132 <?dbhtml list-presentation="table"?>
133
134 <varlistentry id="c_rehash">
135 <term><command>c_rehash</command></term>
136 <listitem>
137 <para>
138 is a <application>Perl</application> script that scans all files in
139 a directory and adds symbolic links to their hash values
140 </para>
141 <indexterm zone="ch-system-openssl c_rehash">
142 <primary sortas="b-c_rehash">c_rehash</primary>
143 </indexterm>
144 </listitem>
145 </varlistentry>
146
147 <varlistentry id="openssl-prog">
148 <term><command>openssl</command></term>
149 <listitem>
150 <para>
151 is a command-line tool for using the various cryptography functions
152 of <application>OpenSSL</application>'s crypto library from the
153 shell. It can be used for various functions which are documented in
154 <command>man 1 openssl</command>
155 </para>
156 <indexterm zone="ch-system-openssl openssl-prog">
157 <primary sortas="b-openssl">openssl</primary>
158 </indexterm>
159 </listitem>
160 </varlistentry>
161
162 <varlistentry id="libcrypto">
163 <term><filename class="libraryfile">libcrypto.so</filename></term>
164 <listitem>
165 <para>
166 implements a wide range of cryptographic algorithms used in various
167 Internet standards. The services provided by this library are used
168 by the <application>OpenSSL</application> implementations of SSL,
169 TLS and S/MIME, and they have also been used to implement
170 <application>OpenSSH</application>,
171 <application>OpenPGP</application>, and other cryptographic
172 standards
173 </para>
174 <indexterm zone="ch-system-openssl libcrypto">
175 <primary sortas="c-libcrypto">libcrypto.so</primary>
176 </indexterm>
177 </listitem>
178 </varlistentry>
179
180 <varlistentry id="libssl">
181 <term><filename class="libraryfile">libssl.so</filename></term>
182 <listitem>
183 <para>
184 implements the Transport Layer Security (TLS v1) protocol.
185 It provides a rich API, documentation
186 on which can be found by running <command>man 3 ssl</command>
187 </para>
188 <indexterm zone="ch-system-openssl libssl">
189 <primary sortas="c-libssl">libssl.so</primary>
190 </indexterm>
191 </listitem>
192 </varlistentry>
193
194 </variablelist>
195
196 </sect2>
197
198</sect1>
Note: See TracBrowser for help on using the repository browser.