source: chapter08/openssl.xml@ 6df63e4

Last change on this file since 6df63e4 was 6df63e4, checked in by Ken Moffat <ken@…>, 3 years ago

OpenSSL: add a note about upgrading.

  • Property mode set to 100644
File size: 6.9 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-system-openssl" role="wrap">
  <?dbhtml filename="openssl.html"?>

  <sect1info condition="script">
    <productname>openssl</productname>
    <productnumber>&openssl-version;</productnumber>
    <address>&openssl-url;</address>
  </sect1info>

  <title>OpenSSL-&openssl-version;</title>

  <indexterm zone="ch-system-openssl">
    <primary sortas="a-OpenSSL">OpenSSL</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The OpenSSL package contains management tools and libraries relating
    to cryptography. These are useful for providing cryptographic functions
    to other packages, such as OpenSSH, email applications, and web browsers
    (for accessing HTTPS sites).</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&openssl-fin-sbu;</seg>
        <seg>&openssl-fin-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenSSL</title>

    <para>Prepare OpenSSL for compilation:</para>

<screen><userinput remap="configure">./config --prefix=/usr \
         --openssldir=/etc/ssl \
         --libdir=lib \
         shared \
         zlib-dynamic</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>To test the results, issue:</para>

<screen><userinput remap="test">make test</userinput></screen>

    <para>One test, 30-test_afalg.t, is known to fail on some kernel
    configurations (it apparently assumes certain unspecified crypto
    options have been selected).</para>

    <para>Install the package:</para>

<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
make MANSUFFIX=ssl install</userinput></screen>

    <para>Add the version to the documentation directory name, to be
    consistent with other packages:</para>

<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>

    <para>If desired, install some additional documentation:</para>

<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>

    <note>
      <para>
        You should update OpenSSL when a new version which fixes vulnerabilities
        is announced. The releases run in series, with a letter for each release
        after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc.). Because LFS
        installs only the shared libraries, there is no need to recompile packages
        which link to <filename class="libraryfile">libcrypto.so</filename> or
        <filename class="libraryfile">libssl.so</filename>
        <emphasis>when upgrading in the same series.</emphasis>
      </para>

      <para>
        However, any running programs linked to those libraries need to be stopped
        and restarted. The following command, run as
        <systemitem class="username">root</systemitem> after updating, will list what is
        using the old versions of those libraries:
      </para>

<screen><userinput role="nodump">grep -l -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps |
   tr -cd 0-9\\n | xargs -r ps u</userinput></screen>

      <para>
        If you used <application>OpenSSH</application> to log in to the system, you
        need to log out, log in again, and rerun that command to confirm nothing is
        still using the deleted libraries.
      </para>
    </note>

  </sect2>

  <sect2 id="contents-openssl" role="content">
    <title>Contents of OpenSSL</title>

    <segmentedlist>
      <segtitle>Installed programs</segtitle>
      <segtitle>Installed libraries</segtitle>
      <segtitle>Installed directories</segtitle>

      <seglistitem>
        <seg>
          c_rehash and openssl
        </seg>
        <seg>
          libcrypto.so and libssl.so
        </seg>
        <seg>
          /etc/ssl,
          /usr/include/openssl,
          /usr/lib/engines and
          /usr/share/doc/openssl-&openssl-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="c_rehash">
        <term><command>c_rehash</command></term>
        <listitem>
          <para>
            is a <application>Perl</application> script that scans all files in
            a directory and adds symbolic links to their hash values
          </para>
          <indexterm zone="ch-system-openssl c_rehash">
            <primary sortas="b-c_rehash">c_rehash</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="openssl-prog">
        <term><command>openssl</command></term>
        <listitem>
          <para>
            is a command-line tool for using the various cryptography functions
            of <application>OpenSSL</application>'s crypto library from the
            shell. It can be used for various functions which are documented in
            <command>man 1 openssl</command>
          </para>
          <indexterm zone="ch-system-openssl openssl-prog">
            <primary sortas="b-openssl">openssl</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libcrypto">
        <term><filename class="libraryfile">libcrypto.so</filename></term>
        <listitem>
          <para>
            implements a wide range of cryptographic algorithms used in various
            Internet standards. The services provided by this library are used
            by the <application>OpenSSL</application> implementations of SSL,
            TLS and S/MIME, and they have also been used to implement
            <application>OpenSSH</application>,
            <application>OpenPGP</application>, and other cryptographic
            standards
          </para>
          <indexterm zone="ch-system-openssl libcrypto">
            <primary sortas="c-libcrypto">libcrypto.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libssl">
        <term><filename class="libraryfile">libssl.so</filename></term>
        <listitem>
          <para>
            implements the Transport Layer Security (TLS v1) protocol.
            It provides a rich API, documentation
            on which can be found by running <command>man 3 ssl</command>
          </para>
          <indexterm zone="ch-system-openssl libssl">
            <primary sortas="c-libssl">libssl.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
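
The upgrade note in the file above lists processes that still map the replaced libraries. The following is an added example, not part of the LFS book: it goes beyond the book's one-liner by printing which deleted library path each process still maps and by tolerating processes that exit during the scan. The function names `stale_openssl_maps` and `make_sample_proc`, the optional proc-root argument, and the sample maps content are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the LFS book.
# Prints "PID<TAB>path" for every process that still maps a deleted
# libssl/libcrypto shared object. The proc_root argument is an assumption of
# this example so the function can be run against a fixture directory.
stale_openssl_maps() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process exited or is unreadable
        pid=${maps%/maps}
        pid=${pid##*/}
        # maps columns: range perms offset dev inode pathname; the kernel
        # appends " (deleted)" when the backing file was unlinked or replaced.
        awk -v pid="$pid" '
            $6 ~ /\/lib(ssl|crypto)\.so/ && $NF == "(deleted)" && !seen[$6]++ {
                print pid "\t" $6
            }' "$maps" 2>/dev/null || true   # tolerate exit during the read
    done
}

# Constructed sample data: three fake processes under a temporary directory.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/101" "$root/202" "$root/303"
    # 101: still maps the replaced libraries (two segments of libcrypto).
    cat > "$root/101/maps" <<'EOF'
7f10a0000000-7f10a0080000 r--p 00000000 08:02 1311 /usr/lib/libcrypto.so.1.1 (deleted)
7f10a0080000-7f10a0220000 r-xp 00080000 08:02 1311 /usr/lib/libcrypto.so.1.1 (deleted)
7f10a0400000-7f10a0420000 r--p 00000000 08:02 1312 /usr/lib/libssl.so.1.1 (deleted)
EOF
    # 202: restarted after the upgrade, maps the new files.
    cat > "$root/202/maps" <<'EOF'
7f20b0000000-7f20b0080000 r--p 00000000 08:02 2411 /usr/lib/libcrypto.so.1.1
EOF
    # 303: a deleted file that is not an OpenSSL library.
    cat > "$root/303/maps" <<'EOF'
7f30c0000000-7f30c0001000 rw-s 00000000 00:01 77 /tmp/scratch.bin (deleted)
EOF
    echo "$root"
}

# Demo on the constructed data. On a real system, run as root with no
# argument: stale_openssl_maps | cut -f1 | sort -u | xargs -r ps u
sample=$(make_sample_proc) && stale_openssl_maps "$sample" && rm -rf "$sample"
```

An empty result after restarting services, and after logging out and back in over OpenSSH, confirms that nothing is still running the old library code.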