diff options
author | Darren Tucker <dtucker@dtucker.net> | 2019-12-09 20:25:26 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2019-12-09 20:25:26 +1100 |
commit | 9a967c5bbfca35835165f7d8a6165009f5b21872 (patch) | |
tree | 870e87c81ca7bfa7dec280d0beb4111cc8ca8a91 | |
parent | b66fa5da25c4b5b67cf9f0ce7af513f5a6a6a686 (diff) | |
download | openssh-git-9a967c5bbfca35835165f7d8a6165009f5b21872.tar.gz |
Describe how to build libcrypto as PIC.
While there, move the OpenSSL 1.1.0g caveat closer to the other version
information.
-rw-r--r-- | INSTALL | 11 |
1 files changed, 7 insertions, 4 deletions
@@ -25,11 +25,14 @@ is supported but severely restricts the avilable ciphers and algorithms. - OpenSSL (https://www.openssl.org) with any of the following versions: - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 +Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to +1.1.0g can't be used. + LibreSSL/OpenSSL should be compiled as a position-independent library -(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. -If you must use a non-position-independent libcrypto, then you may need -to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit -OpenSSL 1.1 versions prior to 1.1.0g can't be used. +(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" +or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not +be able to link with it. If you must use a non-position-independent +libcrypto, then you may need to configure OpenSSH --without-pie. If you build either from source, running the OpenSSL self-test ("make tests") or the LibreSSL equivalent ("make check") and ensuring that all |