Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
1e21abda9addd7101174aba3c86b31b3 |
| User & Date: | wyoung 2019-01-28 19:52:23 |
Context
|
2019-01-28
| ||
| 19:58 | Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki. (check-in: c563be15 user: wyoung tags: trunk) | |
| 19:52 | Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. (check-in: 1e21abda user: wyoung tags: trunk) | |
| 19:25 | Assorted improvements to www/tls-nginx.md (check-in: e629c1b7 user: wyoung tags: trunk) | |
Changes
Changes to www/ssl.wiki.
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above. Fossil's build system will seek it out and use it automatically. <h3 id="openssl-src">Building Against a Non-Platform Version of OpenSSL</h3> The Fossil build system can also find and use OpenSSL in nonstandard locations. If you've installed OpenSSL via a method that Fossil's build system cannot find on its own, you can clue it in by passing the <tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type <tt>./configure --help</tt> for details. Even if the Fossil build system does manage to find a workable version of OpenSSL, it is possible that the platform version is outdated in some key way, enough so that you do not want to use it with Fossil. (The chance of this happening increases as your OS ages.) For example, the platform version of OpenSSL might not support any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote Fossil repository's HTTPS proxy is willing to offer, so that even though both sides are speaking a variant of TLS/SSL, they can't come to an agreement on the cryptography. In such cases, you may want to link Fossil to a newer version of OpenSSL than the one available in your OS's package repository. You can do this like so, from the root of the Fossil source tree: <pre> cd compat tar xf /path/to/openssl-*.tar.gz ln -fs openssl-x.y.z openssl ./config # or, e.g. ./Configure darwin64-x86_64-cc make -j11 cd ../.. ./configure --with-openssl=tree make -j11 |
| | | | | | | | | | | < > | | | |
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above. Fossil's build system will seek it out and use it automatically. <h3 id="openssl-src">Building Against a Non-Platform Version of OpenSSL</h3> The Fossil build system can also use OpenSSL when installed in nonstandard locations. If you've installed OpenSSL via a method that Fossil's build system cannot find on its own, you can clue it in by passing the <tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type <tt>./configure --help</tt> for details. It is possible for the Fossil build system to find a functioning version of OpenSSL which is nevertheless unsuitable. One common case is that your OS is sufficiently outdated that the platform version of OpenSSL can no longer communicate with remote systems adhering to the latest advice on secure communications. Your local OpenSSL might not support any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote Fossil repository's HTTPS proxy is willing to offer, for example, so that even though both sides are speaking a variant of TLS/SSL, they can't come to an agreement on the cryptography. In such cases, you may want to link Fossil to a version of OpenSSL built from source. The easiest way to do that is: <pre> cd compat # relative to the Fossil source tree root tar xf /path/to/openssl-*.tar.gz ln -fs openssl-x.y.z openssl ./config # or, e.g. ./Configure darwin64-x86_64-cc make -j11 cd ../.. ./configure --with-openssl=tree make -j11 |