Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
1e21abda9addd7101174aba3c86b31b3 |
User & Date: | wyoung 2019-01-28 19:52:23.593 |
Context
2019-01-28
| ||
19:58 | Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki. ... (check-in: c563be15 user: wyoung tags: trunk) | |
19:52 | Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. ... (check-in: 1e21abda user: wyoung tags: trunk) | |
19:25 | Assorted improvements to www/tls-nginx.md ... (check-in: e629c1b7 user: wyoung tags: trunk) | |
Changes
Changes to www/ssl.wiki.
︙ | ︙ | |||
52 53 54 55 56 57 58 | use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above. Fossil's build system will seek it out and use it automatically. <h3 id="openssl-src">Building Against a Non-Platform Version of OpenSSL</h3> | | | | > | < | | | | | | | | | | | 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above. Fossil's build system will seek it out and use it automatically. <h3 id="openssl-src">Building Against a Non-Platform Version of OpenSSL</h3> The Fossil build system can also use OpenSSL when installed in nonstandard locations. If you've installed OpenSSL via a method that Fossil's build system cannot find on its own, you can clue it in by passing the <tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type <tt>./configure --help</tt> for details. It is possible for the Fossil build system to find a functioning version of OpenSSL which is nevertheless unsuitable. One common case is that your OS is sufficiently outdated that the platform version of OpenSSL can no longer communicate with remote systems adhering to the latest advice on secure communications. Your local OpenSSL might not support any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote Fossil repository's HTTPS proxy is willing to offer, for example, so that even though both sides are speaking a variant of TLS/SSL, they can't come to an agreement on the cryptography. In such cases, you may want to link Fossil to a version of OpenSSL built from source. The easiest way to do that is: <pre> cd compat # relative to the Fossil source tree root tar xf /path/to/openssl-*.tar.gz ln -fs openssl-x.y.z openssl ./config # or, e.g. ./Configure darwin64-x86_64-cc make -j11 cd ../.. ./configure --with-openssl=tree make -j11 |
︙ | ︙ |