diff options
| author | Damien Miller <djm@mindrot.org> | 2014-08-26 09:27:28 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-08-26 09:27:28 +1000 |
| commit | ad013944af0a19e3f612089d0099bb397cf6502d (patch) | |
| tree | 80026f270a7a163ca7b12fbecc51dec3574119d9 /INSTALL | |
| parent | ed126de8ee04c66640a0ea2697c4aaf36801f100 (diff) | |
- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
update OpenSSL version requirement.
Diffstat (limited to 'INSTALL')
| -rw-r--r-- | INSTALL | 25 |
1 files changed, 15 insertions, 10 deletions
| @@ -1,22 +1,26 @@ | |||
| 1 | 1. Prerequisites | 1 | 1. Prerequisites |
| 2 | ---------------- | 2 | ---------------- |
| 3 | 3 | ||
| 4 | You will need working installations of Zlib and OpenSSL. | 4 | You will need working installations of Zlib and libcrypto (LibreSSL / |
| 5 | OpenSSL) | ||
| 5 | 6 | ||
| 6 | Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): | 7 | Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): |
| 7 | http://www.gzip.org/zlib/ | 8 | http://www.gzip.org/zlib/ |
| 8 | 9 | ||
| 9 | OpenSSL 0.9.6 or greater: | 10 | libcrypto (LibreSSL or OpenSSL >= 0.9.8f) |
| 10 | http://www.openssl.org/ | 11 | LibreSSL http://www.libressl.org/ ; or |
| 12 | OpenSSL http://www.openssl.org/ | ||
| 11 | 13 | ||
| 12 | (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 | 14 | LibreSSL/OpenSSL should be compiled as a position-independent library |
| 13 | Blowfish) do not work correctly.) | 15 | (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. |
| 16 | If you must use a non-position-independent libcrypto, then you may need | ||
| 17 | to configure OpenSSH --without-pie. | ||
| 14 | 18 | ||
| 15 | The remaining items are optional. | 19 | The remaining items are optional. |
| 16 | 20 | ||
| 17 | NB. If you operating system supports /dev/random, you should configure | 21 | NB. If you operating system supports /dev/random, you should configure |
| 18 | OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of | 22 | libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's |
| 19 | /dev/random, or failing that, either prngd or egd | 23 | direct support of /dev/random, or failing that, either prngd or egd |
| 20 | 24 | ||
| 21 | PRNGD: | 25 | PRNGD: |
| 22 | 26 | ||
| @@ -192,10 +196,11 @@ created. | |||
| 192 | 196 | ||
| 193 | --with-xauth=PATH specifies the location of the xauth binary | 197 | --with-xauth=PATH specifies the location of the xauth binary |
| 194 | 198 | ||
| 195 | --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries | 199 | --with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL |
| 200 | libraries | ||
| 196 | are installed. | 201 | are installed. |
| 197 | 202 | ||
| 198 | --with-ssl-engine enables OpenSSL's (hardware) ENGINE support | 203 | --with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support |
| 199 | 204 | ||
| 200 | --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to | 205 | --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to |
| 201 | real (AF_INET) IPv4 addresses. Works around some quirks on Linux. | 206 | real (AF_INET) IPv4 addresses. Works around some quirks on Linux. |
| @@ -254,4 +259,4 @@ Please refer to the "reporting bugs" section of the webpage at | |||
| 254 | http://www.openssh.com/ | 259 | http://www.openssh.com/ |
| 255 | 260 | ||
| 256 | 261 | ||
| 257 | $Id: INSTALL,v 1.89 2014/08/19 01:36:08 djm Exp $ | 262 | $Id: INSTALL,v 1.90 2014/08/25 23:27:29 djm Exp $ |