diff options
author | Richard Levitte <levitte@openssl.org> | 2002-11-14 13:01:35 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-11-14 13:01:35 +0000 |
commit | 64051a3a7126ffa308a38987e7f2095afe47cebe (patch) | |
tree | 6e3f03f476ac6f39679da24b90424bdc7883324d /FAQ | |
parent | 8260eded07e388c66f7bccc04b7a04f6de3f421e (diff) |
Add a FAQ on how to check the authenticity of the openSSL distribution.
PR: 292
Diffstat (limited to 'FAQ')
-rw-r--r-- | FAQ | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions * Where can I get a compiled version of OpenSSL? * Why aren't tools like 'autoconf' and 'libtool' used? * What is an 'engine' version? +* How do I check the authenticity of the OpenSSL distribution? [LEGAL] Legal questions @@ -136,6 +137,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With version 0.9.7 (not yet released) the changes were merged into the main development line, so that the special release is no longer necessary. +* How do I check the authenticity of the OpenSSL distribution? + +We provide MD5 digests and ASC signatures of each tarball. +Use MD5 to check that a tarball from a mirror site is identical: + + md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 + +You can check authenticity using pgp or gpg. You need the OpenSSL team +member public key used to sign it (download it from a key server). Then +just do: + + pgp TARBALL.asc + [LEGAL] ======================================================================= * Do I need patent licenses to use OpenSSL? |