Fossil SCM
Several improvements to the discussion of building against OpenSSL in www/ssl.wiki.
Commit
48b74fce3c504401c6ceb638e167b2b973c3504bb759e385663c6e61e2f6d808
Parent
1dbf923cbee25c6…
1 file changed
+32
-24
+32
-24
| --- www/ssl.wiki | ||
| +++ www/ssl.wiki | ||
| @@ -25,16 +25,20 @@ | ||
| 25 | 25 | is to say, you can build it against [https://www.openssl.org/|the |
| 26 | 26 | OpenSSL library], which will allow it to clone and sync with a remote |
| 27 | 27 | Fossil repository via <tt>https</tt> URIs. |
| 28 | 28 | |
| 29 | 29 | |
| 30 | -<h3 id="openssl-bin">Building Against a Binary Version of OpenSSL</h3> | |
| 30 | +<h3 id="openssl-bin">Building Against OpenSSL Automatically</h3> | |
| 31 | 31 | |
| 32 | 32 | The <tt>configure</tt> script will attempt to find OpenSSL on your |
| 33 | -system automatically. If it can't find the files it needs, the most | |
| 34 | -common solution is to install the OpenSSL development package on your | |
| 35 | -system via your OS's package manager. Examples: | |
| 33 | +system automatically. It first tries asking the <tt>pkg-config</tt> | |
| 34 | +system where the OpenSSL development files are, and if that fails, it | |
| 35 | +falls back to looking through a list of likely directories. | |
| 36 | + | |
| 37 | +If it can't find the files it needs, the most common solution is to | |
| 38 | +install the OpenSSL development package on your system via your OS's | |
| 39 | +package manager. Examples: | |
| 36 | 40 | |
| 37 | 41 | * <b>RHEL & Fedora</b>: <tt>sudo yum install openssl-devel</tt> |
| 38 | 42 | * <b>Debian & Ubuntu</b>: <tt>sudo apt install libssl-dev</tt> |
| 39 | 43 | * <b>FreeBSD</b>: <tt>su -c 'pkg install openssl'</tt> |
| 40 | 44 | * <b>macOS</b>: <tt>sudo brew install openssl</tt> |
| @@ -54,35 +58,39 @@ | ||
| 54 | 58 | |
| 55 | 59 | |
| 56 | 60 | <h3 id="openssl-src">Building Against a Non-Platform Version of |
| 57 | 61 | OpenSSL</h3> |
| 58 | 62 | |
| 59 | -The Fossil build system can also use OpenSSL when installed in | |
| 60 | -nonstandard locations. | |
| 61 | - | |
| 62 | -If you've installed OpenSSL via a method that Fossil's build system | |
| 63 | -cannot find on its own, you can clue it in by passing the | |
| 64 | -<tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type | |
| 65 | -<tt>./configure --help</tt> for details. | |
| 66 | - | |
| 67 | -It is possible for the Fossil build system to find a functioning version | |
| 68 | -of OpenSSL which is nevertheless unsuitable. One common case is that | |
| 69 | -your OS is sufficiently outdated that the platform version of OpenSSL | |
| 70 | -can no longer communicate with remote systems adhering to the latest | |
| 71 | -advice on secure communications. Your local OpenSSL might not support | |
| 72 | -any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] | |
| 73 | -the remote Fossil repository's HTTPS proxy is willing to offer, for | |
| 74 | -example, so that even though both sides are speaking a variant of | |
| 75 | -TLS/SSL, they can't come to an agreement on the cryptography. | |
| 76 | - | |
| 77 | -In such cases, you may want to link Fossil to a version of OpenSSL built | |
| 78 | -from source. The easiest way to do that is: | |
| 63 | +The Fossil build system has a few other methods for finding OpenSSL when | |
| 64 | +the automatic methods fail or when you'd prefer that Fossil use a | |
| 65 | +different version of OpenSSL than the one Fossil's build system picks on | |
| 66 | +its own. | |
| 67 | + | |
| 68 | +A good reason to do this is when the Fossil build system finds a | |
| 69 | +functioning version of OpenSSL which is nevertheless unsuitable. One | |
| 70 | +common case is that your OS is sufficiently outdated that the platform | |
| 71 | +version of OpenSSL can no longer communicate with remote systems | |
| 72 | +adhering to the latest advice on secure communications. An old OpenSSL | |
| 73 | +might not support any of the | |
| 74 | +[https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote | |
| 75 | +Fossil repository's HTTPS proxy is willing to offer, for example, so | |
| 76 | +that even though both sides are speaking a variant of TLS/SSL, the peers | |
| 77 | +cannot come to an agreement on the cryptography. | |
| 78 | + | |
| 79 | +If you've installed the OpenSSL development files somewhere that | |
| 80 | +Fossil's build system cannot find on its own, you can clue it in by | |
| 81 | +passing the <tt>--with-openssl</tt> option to the <tt>configure</tt> | |
| 82 | +script. Type <tt>./configure --help</tt> for details. | |
| 83 | + | |
| 84 | +Another option is to download the source code to OpenSSL and build | |
| 85 | +Fossil against that private version of OpenSSL: | |
| 79 | 86 | |
| 80 | 87 | <pre> |
| 81 | 88 | cd compat # relative to the Fossil source tree root |
| 82 | 89 | tar xf /path/to/openssl-*.tar.gz |
| 83 | 90 | ln -fs openssl-x.y.z openssl |
| 91 | + cd openssl | |
| 84 | 92 | ./config # or, e.g. ./Configure darwin64-x86_64-cc |
| 85 | 93 | make -j11 |
| 86 | 94 | cd ../.. |
| 87 | 95 | ./configure --with-openssl=tree |
| 88 | 96 | make -j11 |
| 89 | 97 |
| --- www/ssl.wiki | |
| +++ www/ssl.wiki | |
| @@ -25,16 +25,20 @@ | |
| 25 | is to say, you can build it against [https://www.openssl.org/|the |
| 26 | OpenSSL library], which will allow it to clone and sync with a remote |
| 27 | Fossil repository via <tt>https</tt> URIs. |
| 28 | |
| 29 | |
| 30 | <h3 id="openssl-bin">Building Against a Binary Version of OpenSSL</h3> |
| 31 | |
| 32 | The <tt>configure</tt> script will attempt to find OpenSSL on your |
| 33 | system automatically. If it can't find the files it needs, the most |
| 34 | common solution is to install the OpenSSL development package on your |
| 35 | system via your OS's package manager. Examples: |
| 36 | |
| 37 | * <b>RHEL & Fedora</b>: <tt>sudo yum install openssl-devel</tt> |
| 38 | * <b>Debian & Ubuntu</b>: <tt>sudo apt install libssl-dev</tt> |
| 39 | * <b>FreeBSD</b>: <tt>su -c 'pkg install openssl'</tt> |
| 40 | * <b>macOS</b>: <tt>sudo brew install openssl</tt> |
| @@ -54,35 +58,39 @@ | |
| 54 | |
| 55 | |
| 56 | <h3 id="openssl-src">Building Against a Non-Platform Version of |
| 57 | OpenSSL</h3> |
| 58 | |
| 59 | The Fossil build system can also use OpenSSL when installed in |
| 60 | nonstandard locations. |
| 61 | |
| 62 | If you've installed OpenSSL via a method that Fossil's build system |
| 63 | cannot find on its own, you can clue it in by passing the |
| 64 | <tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type |
| 65 | <tt>./configure --help</tt> for details. |
| 66 | |
| 67 | It is possible for the Fossil build system to find a functioning version |
| 68 | of OpenSSL which is nevertheless unsuitable. One common case is that |
| 69 | your OS is sufficiently outdated that the platform version of OpenSSL |
| 70 | can no longer communicate with remote systems adhering to the latest |
| 71 | advice on secure communications. Your local OpenSSL might not support |
| 72 | any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] |
| 73 | the remote Fossil repository's HTTPS proxy is willing to offer, for |
| 74 | example, so that even though both sides are speaking a variant of |
| 75 | TLS/SSL, they can't come to an agreement on the cryptography. |
| 76 | |
| 77 | In such cases, you may want to link Fossil to a version of OpenSSL built |
| 78 | from source. The easiest way to do that is: |
| 79 | |
| 80 | <pre> |
| 81 | cd compat # relative to the Fossil source tree root |
| 82 | tar xf /path/to/openssl-*.tar.gz |
| 83 | ln -fs openssl-x.y.z openssl |
| 84 | ./config # or, e.g. ./Configure darwin64-x86_64-cc |
| 85 | make -j11 |
| 86 | cd ../.. |
| 87 | ./configure --with-openssl=tree |
| 88 | make -j11 |
| 89 |
| --- www/ssl.wiki | |
| +++ www/ssl.wiki | |
| @@ -25,16 +25,20 @@ | |
| 25 | is to say, you can build it against [https://www.openssl.org/|the |
| 26 | OpenSSL library], which will allow it to clone and sync with a remote |
| 27 | Fossil repository via <tt>https</tt> URIs. |
| 28 | |
| 29 | |
| 30 | <h3 id="openssl-bin">Building Against OpenSSL Automatically</h3> |
| 31 | |
| 32 | The <tt>configure</tt> script will attempt to find OpenSSL on your |
| 33 | system automatically. It first tries asking the <tt>pkg-config</tt> |
| 34 | system where the OpenSSL development files are, and if that fails, it |
| 35 | falls back to looking through a list of likely directories. |
| 36 | |
| 37 | If it can't find the files it needs, the most common solution is to |
| 38 | install the OpenSSL development package on your system via your OS's |
| 39 | package manager. Examples: |
| 40 | |
| 41 | * <b>RHEL & Fedora</b>: <tt>sudo yum install openssl-devel</tt> |
| 42 | * <b>Debian & Ubuntu</b>: <tt>sudo apt install libssl-dev</tt> |
| 43 | * <b>FreeBSD</b>: <tt>su -c 'pkg install openssl'</tt> |
| 44 | * <b>macOS</b>: <tt>sudo brew install openssl</tt> |
| @@ -54,35 +58,39 @@ | |
| 58 | |
| 59 | |
| 60 | <h3 id="openssl-src">Building Against a Non-Platform Version of |
| 61 | OpenSSL</h3> |
| 62 | |
| 63 | The Fossil build system has a few other methods for finding OpenSSL when |
| 64 | the automatic methods fail or when you'd prefer that Fossil use a |
| 65 | different version of OpenSSL than the one Fossil's build system picks on |
| 66 | its own. |
| 67 | |
| 68 | A good reason to do this is when the Fossil build system finds a |
| 69 | functioning version of OpenSSL which is nevertheless unsuitable. One |
| 70 | common case is that your OS is sufficiently outdated that the platform |
| 71 | version of OpenSSL can no longer communicate with remote systems |
| 72 | adhering to the latest advice on secure communications. An old OpenSSL |
| 73 | might not support any of the |
| 74 | [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote |
| 75 | Fossil repository's HTTPS proxy is willing to offer, for example, so |
| 76 | that even though both sides are speaking a variant of TLS/SSL, the peers |
| 77 | cannot come to an agreement on the cryptography. |
| 78 | |
| 79 | If you've installed the OpenSSL development files somewhere that |
| 80 | Fossil's build system cannot find on its own, you can clue it in by |
| 81 | passing the <tt>--with-openssl</tt> option to the <tt>configure</tt> |
| 82 | script. Type <tt>./configure --help</tt> for details. |
| 83 | |
| 84 | Another option is to download the source code to OpenSSL and build |
| 85 | Fossil against that private version of OpenSSL: |
| 86 | |
| 87 | <pre> |
| 88 | cd compat # relative to the Fossil source tree root |
| 89 | tar xf /path/to/openssl-*.tar.gz |
| 90 | ln -fs openssl-x.y.z openssl |
| 91 | cd openssl |
| 92 | ./config # or, e.g. ./Configure darwin64-x86_64-cc |
| 93 | make -j11 |
| 94 | cd ../.. |
| 95 | ./configure --with-openssl=tree |
| 96 | make -j11 |
| 97 |