diff options
author | Richard Levitte <levitte@openssl.org> | 2002-11-14 13:00:59 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-11-14 13:00:59 +0000 |
commit | d4e573f3056351f96c4c4a2a275f5d1da9b08969 (patch) | |
tree | a8862f5b018078b82e9a67fe6fd495cec0f124fd /FAQ | |
parent | e20afbb34068a730a27708cf438fbb739ae2905d (diff) |
Add a FAQ on how to check the authenticity of the openSSL distribution.
PR: 292
Diffstat (limited to 'FAQ')
-rw-r--r-- | FAQ | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions * Where can I get a compiled version of OpenSSL? * Why aren't tools like 'autoconf' and 'libtool' used? * What is an 'engine' version? +* How do I check the authenticity of the OpenSSL distribution? [LEGAL] Legal questions @@ -136,6 +137,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With version 0.9.7 (not yet released) the changes were merged into the main development line, so that the special release is no longer necessary. +* How do I check the authenticity of the OpenSSL distribution? + +We provide MD5 digests and ASC signatures of each tarball. +Use MD5 to check that a tarball from a mirror site is identical: + + md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5 + +You can check authenticity using pgp or gpg. You need the OpenSSL team +member public key used to sign it (download it from a key server). Then +just do: + + pgp TARBALL.asc + [LEGAL] ======================================================================= * Do I need patent licenses to use OpenSSL? |