diff options
| author | djm <djm> | 2014-08-25 23:27:28 +0000 |
|---|---|---|
| committer | djm <djm> | 2014-08-25 23:27:28 +0000 |
| commit | b5e9893facb3e5d0c04655b54310cf8a166098d2 (patch) | |
| tree | e62ff78fbf89999ca307d7e72320108d0acb66e4 | |
| parent | 63b891e9cb4638613a9b5441f76bcad3f30bb3b5 (diff) | |
| download | openssh-b5e9893facb3e5d0c04655b54310cf8a166098d2.tar.gz | |
- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
update OpenSSL version requirement.
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | INSTALL | 25 |
2 files changed, 17 insertions, 10 deletions
@@ -1,5 +1,7 @@ 20140825 - (djm) [bufec.c] Skip this file on !ECC OpenSSL + - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, + update OpenSSL version requirement. 20140824 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not @@ -1,22 +1,26 @@ 1. Prerequisites ---------------- -You will need working installations of Zlib and OpenSSL. +You will need working installations of Zlib and libcrypto (LibreSSL / +OpenSSL) Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): http://www.gzip.org/zlib/ -OpenSSL 0.9.6 or greater: -http://www.openssl.org/ +libcrypto (LibreSSL or OpenSSL >= 0.9.8f) +LibreSSL http://www.libressl.org/ ; or +OpenSSL http://www.openssl.org/ -(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 -Blowfish) do not work correctly.) +LibreSSL/OpenSSL should be compiled as a position-independent library +(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. +If you must use a non-position-independent libcrypto, then you may need +to configure OpenSSH --without-pie. The remaining items are optional. NB. If you operating system supports /dev/random, you should configure -OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd +libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's +direct support of /dev/random, or failing that, either prngd or egd PRNGD: @@ -192,10 +196,11 @@ created. --with-xauth=PATH specifies the location of the xauth binary ---with-ssl-dir=DIR allows you to specify where your OpenSSL libraries +--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL +libraries are installed. ---with-ssl-engine enables OpenSSL's (hardware) ENGINE support +--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. @@ -254,4 +259,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.89 2014/08/19 01:36:08 djm Exp $ +$Id: INSTALL,v 1.90 2014/08/25 23:27:29 djm Exp $ |