|Comment:||Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL.|
|User & Date:||wyoung 2019-01-28 19:52:23|
|19:58||Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki. check-in: c563be15 user: wyoung tags: trunk|
|19:52||Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. check-in: 1e21abda user: wyoung tags: trunk|
|19:25||Assorted improvements to www/tls-nginx.md check-in: e629c1b7 user: wyoung tags: trunk|
Changes to www/ssl.wiki.
52 52 use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above. 53 53 Fossil's build system will seek it out and use it automatically. 54 54 55 55 56 56 <h3 id="openssl-src">Building Against a Non-Platform Version of 57 57 OpenSSL</h3> 58 58 59 -The Fossil build system can also find and use OpenSSL in nonstandard 60 -locations. 59 +The Fossil build system can also use OpenSSL when installed in 60 +nonstandard locations. 61 61 62 62 If you've installed OpenSSL via a method that Fossil's build system 63 63 cannot find on its own, you can clue it in by passing the 64 64 <tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type 65 65 <tt>./configure --help</tt> for details. 66 66 67 -Even if the Fossil build system does manage to find a workable version 68 -of OpenSSL, it is possible that the platform version is outdated in some 69 -key way, enough so that you do not want to use it with Fossil. (The 70 -chance of this happening increases as your OS ages.) For example, the 71 -platform version of OpenSSL might not support any of the 72 -[https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote 73 -Fossil repository's HTTPS proxy is willing to offer, so that even though 74 -both sides are speaking a variant of TLS/SSL, they can't come to an 75 -agreement on the cryptography. In such cases, you may want to link 76 -Fossil to a newer version of OpenSSL than the one available in your OS's 77 -package repository. You can do this like so, from the root of the Fossil 78 -source tree: 67 +It is possible for the Fossil build system to find a functioning version 68 +of OpenSSL which is nevertheless unsuitable. One common case is that 69 +your OS is sufficiently outdated that the platform version of OpenSSL 70 +can no longer communicate with remote systems adhering to the latest 71 +advice on secure communications. 
Your local OpenSSL might not support 72 +any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] 73 +the remote Fossil repository's HTTPS proxy is willing to offer, for 74 +example, so that even though both sides are speaking a variant of 75 +TLS/SSL, they can't come to an agreement on the cryptography. 76 + 77 +In such cases, you may want to link Fossil to a version of OpenSSL built 78 +from source. The easiest way to do that is: 79 79 80 80 <pre> 81 - cd compat 81 + cd compat # relative to the Fossil source tree root 82 82 tar xf /path/to/openssl-*.tar.gz 83 83 ln -fs openssl-x.y.z openssl 84 84 ./config # or, e.g. ./Configure darwin64-x86_64-cc 85 85 make -j11 86 86 cd ../.. 87 87 ./configure --with-openssl=tree 88 88 make -j11
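Review bot: In the `<pre>` block, the steps go from `ln -fs openssl-x.y.z openssl` straight to `./config` with no `cd openssl` in between, so `./config` would run in `compat/` and the later `cd ../..` would end up one level above the Fossil source tree root. Since this change already touches the `cd compat` line to say where it is relative to, add a `cd openssl` line after the `ln -fs` line so the two-level `cd ../..` is correct. Separately, the new paragraph that recommends linking to "a version of OpenSSL built from source" goes directly to `tar xf /path/to/openssl-*.tar.gz`; a sentence asking the reader to check the tarball against the signature or checksum published by the OpenSSL project before unpacking would fit here, given that the reason for this section is getting a trustworthy TLS stack.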