source: chapter08/openssl.xml@ 59fef4c

11.0 11.0-rc1 11.0-rc2 11.0-rc3 11.1 11.1-rc1 arm ml-11.0 multilib trunk xry111/clfs-ng xry111/glibc-2.34 xry111/lfs-next xry111/tester-nohack
Last change on this file since 59fef4c was 59fef4c, checked in by Xi Ruoyao <xry111@…>, 12 months ago

generalize ken's note for shared library update, ...

and move it into package management section

  • Property mode set to 100644
File size: 6.4 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-system-openssl" role="wrap">
9 <?dbhtml filename="openssl.html"?>
10
11 <sect1info condition="script">
12 <productname>openssl</productname>
13 <productnumber>&openssl-version;</productnumber>
14 <address>&openssl-url;</address>
15 </sect1info>
16
17 <title>OpenSSL-&openssl-version;</title>
18
19 <indexterm zone="ch-system-openssl">
20 <primary sortas="a-OpenSSL">OpenSSL</primary>
21 </indexterm>
22
23 <sect2 role="package">
24 <title/>
25
26 <para>The OpenSSL package contains management tools and libraries relating
27 to cryptography. These are useful for providing cryptographic functions
28 to other packages, such as OpenSSH, email applications, and web browsers
29 (for accessing HTTPS sites). </para>
30
31 <segmentedlist>
32 <segtitle>&buildtime;</segtitle>
33 <segtitle>&diskspace;</segtitle>
34
35 <seglistitem>
36 <seg>&openssl-fin-sbu;</seg>
37 <seg>&openssl-fin-du;</seg>
38 </seglistitem>
39 </segmentedlist>
40
41 </sect2>
42
43 <sect2 role="installation">
44 <title>Installation of OpenSSL</title>
45
46 <para>Prepare OpenSSL for compilation:</para>
47
48<screen><userinput remap="configure">./config --prefix=/usr \
49 --openssldir=/etc/ssl \
50 --libdir=lib \
51 shared \
52 zlib-dynamic</userinput></screen>
53
54 <para>Compile the package:</para>
55
56<screen><userinput remap="make">make</userinput></screen>
57
58 <para>To test the results, issue:</para>
59
60<screen><userinput remap="test">make test</userinput></screen>
61
62 <para>One test 30-test_afalg.t is known to fail on some kernel
63 configurations (it apparently assumes certain unspecified crypto
64 options have been selected).</para>
65
66 <para>Install the package:</para>
67
68<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
69make MANSUFFIX=ssl install</userinput></screen>
70
71 <para>Add the version to the documentation directory name, to be
72 consistent with other packages:</para>
73
74<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>
75
76 <para>If desired, install some additional documentation:</para>
77
78<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
79
80 <note>
81 <para>
82 You should update OpenSSL when a new version which fixes vulnerabilities
83 is announced. The releases run in series, with a letter for each release
84 after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS
85 installs only the shared libraries, there is no need to recompile packages
86 which link to <filename class="libraryfile">libcrypto.so</filename> or
87 <filename class="libraryfile">libssl.so</filename>
88 <emphasis>when upgrading in the same series.</emphasis>
89 </para>
90
91 <para>
92 However, any running programs linked to those libraries need to be stopped
93 and restarted. Read the related entries in
94 <xref linkend='pkgmgmt-upgrade-issues'/> for details.
95 </para>
96
97 </note>
98
99 </sect2>
100
101 <sect2 id="contents-openssl" role="content">
102 <title>Contents of OpenSSL</title>
103
104 <segmentedlist>
105 <segtitle>Installed programs</segtitle>
106 <segtitle>Installed libraries</segtitle>
107 <segtitle>Installed directories</segtitle>
108
109 <seglistitem>
110 <seg>
111 c_rehash and openssl
112 </seg>
113 <seg>
114 libcrypto.so and libssl.so
115 </seg>
116 <seg>
117 /etc/ssl,
118 /usr/include/openssl,
119 /usr/lib/engines and
120 /usr/share/doc/openssl-&openssl-version;
121 </seg>
122 </seglistitem>
123 </segmentedlist>
124
125 <variablelist>
126 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
127 <?dbfo list-presentation="list"?>
128 <?dbhtml list-presentation="table"?>
129
130 <varlistentry id="c_rehash">
131 <term><command>c_rehash</command></term>
132 <listitem>
133 <para>
134 is a <application>Perl</application> script that scans all files in
135 a directory and adds symbolic links to their hash values
136 </para>
137 <indexterm zone="ch-system-openssl c_rehash">
138 <primary sortas="b-c_rehash">c_rehash</primary>
139 </indexterm>
140 </listitem>
141 </varlistentry>
142
143 <varlistentry id="openssl-prog">
144 <term><command>openssl</command></term>
145 <listitem>
146 <para>
147 is a command-line tool for using the various cryptography functions
148 of <application>OpenSSL</application>'s crypto library from the
149 shell. It can be used for various functions which are documented in
150 <command>man 1 openssl</command>
151 </para>
152 <indexterm zone="ch-system-openssl openssl-prog">
153 <primary sortas="b-openssl">openssl</primary>
154 </indexterm>
155 </listitem>
156 </varlistentry>
157
158 <varlistentry id="libcrypto">
159 <term><filename class="libraryfile">libcrypto.so</filename></term>
160 <listitem>
161 <para>
162 implements a wide range of cryptographic algorithms used in various
163 Internet standards. The services provided by this library are used
164 by the <application>OpenSSL</application> implementations of SSL,
165 TLS and S/MIME, and they have also been used to implement
166 <application>OpenSSH</application>,
167 <application>OpenPGP</application>, and other cryptographic
168 standards
169 </para>
170 <indexterm zone="ch-system-openssl libcrypto">
171 <primary sortas="c-libcrypto">libcrypto.so</primary>
172 </indexterm>
173 </listitem>
174 </varlistentry>
175
176 <varlistentry id="libssl">
177 <term><filename class="libraryfile">libssl.so</filename></term>
178 <listitem>
179 <para>
180 implements the Transport Layer Security (TLS v1) protocol.
181 It provides a rich API, documentation
182 on which can be found by running <command>man 3 ssl</command>
183 </para>
184 <indexterm zone="ch-system-openssl libssl">
185 <primary sortas="c-libssl">libssl.so</primary>
186 </indexterm>
187 </listitem>
188 </varlistentry>
189
190 </variablelist>
191
192 </sect2>
193
194</sect1>
Note: See TracBrowser for help on using the repository browser.