From ad013944af0a19e3f612089d0099bb397cf6502d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 26 Aug 2014 09:27:28 +1000 Subject: - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, update OpenSSL version requirement. --- ChangeLog | 2 ++ INSTALL | 25 +++++++++++++++---------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 43dab690..e2f2574b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20140825 - (djm) [bufec.c] Skip this file on !ECC OpenSSL + - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, + update OpenSSL version requirement. 20140824 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not diff --git a/INSTALL b/INSTALL index 4e7437fb..e145a1ef 100644 --- a/INSTALL +++ b/INSTALL @@ -1,22 +1,26 @@ 1. Prerequisites ---------------- -You will need working installations of Zlib and OpenSSL. +You will need working installations of Zlib and libcrypto (LibreSSL / +OpenSSL) Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): http://www.gzip.org/zlib/ -OpenSSL 0.9.6 or greater: -http://www.openssl.org/ +libcrypto (LibreSSL or OpenSSL >= 0.9.8f) +LibreSSL http://www.libressl.org/ ; or +OpenSSL http://www.openssl.org/ -(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 -Blowfish) do not work correctly.) +LibreSSL/OpenSSL should be compiled as a position-independent library +(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. +If you must use a non-position-independent libcrypto, then you may need +to configure OpenSSH --without-pie. The remaining items are optional. NB. If you operating system supports /dev/random, you should configure -OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random, or failing that, either prngd or egd +libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's +direct support of /dev/random, or failing that, either prngd or egd PRNGD: 
@@ -192,10 +196,11 @@ created. --with-xauth=PATH specifies the location of the xauth binary ---with-ssl-dir=DIR allows you to specify where your OpenSSL libraries +--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL +libraries are installed. ---with-ssl-engine enables OpenSSL's (hardware) ENGINE support +--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. @@ -254,4 +259,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.89 2014/08/19 01:36:08 djm Exp $ +$Id: INSTALL,v 1.90 2014/08/25 23:27:29 djm Exp $ -- cgit v1.2.3
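Review bot: In the INSTALL prerequisites hunk (@@ -1,22 +1,26 @@), the new paragraph offers `--without-pie` as the fallback for a non-position-independent libcrypto without saying what that costs. Configuring that way means the OpenSSH binaries are no longer built as position-independent executables, so the main executable loses address-space randomization. The text should state that trade-off and present rebuilding libcrypto with -fPIC as the preferred fix. The sentence "otherwise OpenSSH will not be able to link with it" is also written unconditionally, although the sentence after it shows the failure applies only to a PIE build. Smaller points in the same hunk: the rewritten opening sentence ending "libcrypto (LibreSSL / OpenSSL)" has lost its closing period, and since the NB paragraph is being reworded anyway, "If you operating system" on its first line could be corrected to "If your operating system".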
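Review bot: In the configure-options hunk (@@ -192,10 +196,11 @@), the descriptions of `--with-ssl-dir` and `--with-ssl-engine` say "Libre/OpenSSL", while the prerequisites section changed by this same patch says "LibreSSL/OpenSSL" and "libcrypto". Please use one spelling throughout INSTALL, for example "LibreSSL/OpenSSL" in both option descriptions, so that a reader searching the file for either library name finds every place it applies.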