Fossil

Check-in [1e21abda]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 1e21abda9addd7101174aba3c86b31b3f245b810ba836185328290695b2616cc
User & Date: wyoung 2019-01-28 19:52:23
Context
2019-01-28
19:58
Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki. check-in: c563be15 user: wyoung tags: trunk
19:52
Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. check-in: 1e21abda user: wyoung tags: trunk
19:25
Assorted improvements to www/tls-nginx.md check-in: e629c1b7 user: wyoung tags: trunk
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to www/ssl.wiki.

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

77
78
79
80
81
82
83
84
85
86
87
88
use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above.
Fossil's build system will seek it out and use it automatically.


<h3 id="openssl-src">Building Against a Non-Platform Version of
OpenSSL</h3>

The Fossil build system can also find and use OpenSSL in nonstandard
locations.

If you've installed OpenSSL via a method that Fossil's build system
cannot find on its own, you can clue it in by passing the
<tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type
<tt>./configure --help</tt> for details.

Even if the Fossil build system does manage to find a workable version
of OpenSSL, it is possible that the platform version is outdated in some
key way, enough so that you do not want to use it with Fossil. (The
chance of this happening increases as your OS ages.) For example, the
platform version of OpenSSL might not support any of the
[https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote
Fossil repository's HTTPS proxy is willing to offer, so that even though
both sides are speaking a variant of TLS/SSL, they can't come to an
agreement on the cryptography.  In such cases, you may want to link
Fossil to a newer version of OpenSSL than the one available in your OS's

package repository. You can do this like so, from the root of the Fossil
source tree:

<pre>
    cd compat
    tar xf /path/to/openssl-*.tar.gz
    ln -fs openssl-x.y.z openssl
    ./config              # or, e.g. ./Configure darwin64-x86_64-cc
    make -j11
    cd ../..
    ./configure --with-openssl=tree
    make -j11







|
|






|
|
|
|
|
|
|
|
|
<
>
|
|


|







52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

76
77
78
79
80
81
82
83
84
85
86
87
88
use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above.
Fossil's build system will seek it out and use it automatically.


<h3 id="openssl-src">Building Against a Non-Platform Version of
OpenSSL</h3>

The Fossil build system can also use OpenSSL when installed in
nonstandard locations.

If you've installed OpenSSL via a method that Fossil's build system
cannot find on its own, you can clue it in by passing the
<tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type
<tt>./configure --help</tt> for details.

It is possible for the Fossil build system to find a functioning version
of OpenSSL which is nevertheless unsuitable. One common case is that
your OS is sufficiently outdated that the platform version of OpenSSL
can no longer communicate with remote systems adhering to the latest
advice on secure communications. Your local OpenSSL might not support
any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites]
the remote Fossil repository's HTTPS proxy is willing to offer, for
example, so that even though both sides are speaking a variant of
TLS/SSL, they can't come to an agreement on the cryptography.


In such cases, you may want to link Fossil to a version of OpenSSL built
from source. The easiest way to do that is:

<pre>
    cd compat             # relative to the Fossil source tree root
    tar xf /path/to/openssl-*.tar.gz
    ln -fs openssl-x.y.z openssl
    ./config              # or, e.g. ./Configure darwin64-x86_64-cc
    make -j11
    cd ../..
    ./configure --with-openssl=tree
    make -j11