- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,

update OpenSSL version requirement.
This commit is contained in:
Damien Miller 2014-08-26 09:27:28 +10:00
parent ed126de8ee
commit ad013944af
2 changed files with 17 additions and 10 deletions

View File

@ -1,5 +1,7 @@
20140825
- (djm) [bufec.c] Skip this file on !ECC OpenSSL
- (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
update OpenSSL version requirement.
20140824
- (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not

25
INSTALL
View File

@ -1,22 +1,26 @@
1. Prerequisites
----------------
You will need working installations of Zlib and OpenSSL.
You will need working installations of Zlib and libcrypto (LibreSSL /
OpenSSL)
Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
http://www.gzip.org/zlib/
OpenSSL 0.9.6 or greater:
http://www.openssl.org/
libcrypto (LibreSSL or OpenSSL >= 0.9.8f)
LibreSSL http://www.libressl.org/ ; or
OpenSSL http://www.openssl.org/
(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
Blowfish) do not work correctly.)
LibreSSL/OpenSSL should be compiled as a position-independent library
(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
If you must use a non-position-independent libcrypto, then you may need
to configure OpenSSH --without-pie.
The remaining items are optional.
NB. If you operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random, or failing that, either prngd or egd
libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
direct support of /dev/random, or failing that, either prngd or egd
PRNGD:
@ -192,10 +196,11 @@ created.
--with-xauth=PATH specifies the location of the xauth binary
--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL
libraries
are installed.
--with-ssl-engine enables OpenSSL's (hardware) ENGINE support
--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
@ -254,4 +259,4 @@ Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.89 2014/08/19 01:36:08 djm Exp $
$Id: INSTALL,v 1.90 2014/08/25 23:27:29 djm Exp $