diff options
author | Damien Miller <djm@mindrot.org> | 2014-08-26 09:27:28 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-08-26 09:27:28 +1000 |
commit | ad013944af0a19e3f612089d0099bb397cf6502d (patch) | |
tree | 80026f270a7a163ca7b12fbecc51dec3574119d9 | |
parent | ed126de8ee04c66640a0ea2697c4aaf36801f100 (diff) | |
download | openssh-git-ad013944af0a19e3f612089d0099bb397cf6502d.tar.gz |
- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
update OpenSSL version requirement.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | INSTALL | 25 |
2 files changed, 17 insertions, 10 deletions
@@ -1,5 +1,7 @@ 20140825 - (djm) [bufec.c] Skip this file on !ECC OpenSSL + - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, + update OpenSSL version requirement. 20140824 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not @@ -1,22 +1,26 @@ 1. Prerequisites ---------------- -You will need working installations of Zlib and OpenSSL. +You will need working installations of Zlib and libcrypto (LibreSSL / +OpenSSL) Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): http://www.gzip.org/zlib/ -OpenSSL 0.9.6 or greater: -http://www.openssl.org/ +libcrypto (LibreSSL or OpenSSL >= 0.9.8f) +LibreSSL http://www.libressl.org/ ; or +OpenSSL http://www.openssl.org/ -(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 -Blowfish) do not work correctly.) +LibreSSL/OpenSSL should be compiled as a position-independent library +(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. +If you must use a non-position-independent libcrypto, then you may need +to configure OpenSSH --without-pie. The remaining items are optional. NB. If you operating system supports /dev/random, you should configure -OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd +libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's +direct support of /dev/random, or failing that, either prngd or egd PRNGD: @@ -192,10 +196,11 @@ created. --with-xauth=PATH specifies the location of the xauth binary ---with-ssl-dir=DIR allows you to specify where your OpenSSL libraries +--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL +libraries are installed. ---with-ssl-engine enables OpenSSL's (hardware) ENGINE support +--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. @@ -254,4 +259,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.89 2014/08/19 01:36:08 djm Exp $ +$Id: INSTALL,v 1.90 2014/08/25 23:27:29 djm Exp $ |