Check-in [48b74fce3c]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Several improvements to the discussion of building against OpenSSL in www/ssl.wiki.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:48b74fce3c504401c6ceb638e167b2b973c3504bb759e385663c6e61e2f6d808
User & Date: wyoung 2019-02-07 00:01:34
Context
2019-02-07
17:18
Update the built-in SQLite to the official 3.27.0 release version. check-in: c56fce69f1 user: drh tags: trunk
00:01
Several improvements to the discussion of building against OpenSSL in www/ssl.wiki. check-in: 48b74fce3c user: wyoung tags: trunk
2019-02-05
20:54
Update the built-in SQLite to the latest 3.27.0 beta for testing. check-in: 1dbf923cbe user: drh tags: trunk
Changes

Changes to www/ssl.wiki.

23
24
25
26
27
28
29
30
31
32




33
34
35
36
37
38
39
40
41
42
..
52
53
54
55
56
57
58
59
60


61
62
63
64
65
66
67
68
69
70
71

72
73
74
75
76


77
78
79



80
81
82
83

84
85
86
87
88
89
90

Fossil itself has built-in support for TLS on the client side only. That
is to say, you can build it against [https://www.openssl.org/|the
OpenSSL library], which will allow it to clone and sync with a remote
Fossil repository via <tt>https</tt> URIs.


<h3 id="openssl-bin">Building Against a Binary Version of OpenSSL</h3>

The <tt>configure</tt> script will attempt to find OpenSSL on your




system automatically. If it can't find the files it needs, the most
common solution is to install the OpenSSL development package on your
system via your OS's package manager. Examples:

  *  <b>RHEL & Fedora</b>: <tt>sudo yum install openssl-devel</tt>
  *  <b>Debian & Ubuntu</b>: <tt>sudo apt install libssl-dev</tt>
  *  <b>FreeBSD</b>: <tt>su -c 'pkg install openssl'</tt>
  *  <b>macOS</b>: <tt>sudo brew install openssl</tt>
  *  <b>Cygwin</b>: Install <tt>openssl-devel</tt> via Cygwin's
     <tt>setup-*.exe</tt> program
................................................................................
use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above.
Fossil's build system will seek it out and use it automatically.


<h3 id="openssl-src">Building Against a Non-Platform Version of
OpenSSL</h3>

The Fossil build system can also use OpenSSL when installed in
nonstandard locations.



If you've installed OpenSSL via a method that Fossil's build system
cannot find on its own, you can clue it in by passing the
<tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type
<tt>./configure --help</tt> for details.

It is possible for the Fossil build system to find a functioning version
of OpenSSL which is nevertheless unsuitable. One common case is that
your OS is sufficiently outdated that the platform version of OpenSSL
can no longer communicate with remote systems adhering to the latest
advice on secure communications. Your local OpenSSL might not support

any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites]
the remote Fossil repository's HTTPS proxy is willing to offer, for
example, so that even though both sides are speaking a variant of
TLS/SSL, they can't come to an agreement on the cryptography.



In such cases, you may want to link Fossil to a version of OpenSSL built
from source. The easiest way to do that is:




<pre>
    cd compat             # relative to the Fossil source tree root
    tar xf /path/to/openssl-*.tar.gz
    ln -fs openssl-x.y.z openssl

    ./config              # or, e.g. ./Configure darwin64-x86_64-cc
    make -j11
    cd ../..
    ./configure --with-openssl=tree
    make -j11
</pre>








|


>
>
>
>
|
|
|







 







|
|
>
>

<
<
|
<
<
<
|
|
|
|
>
|
|
|
|

>
>
|
|

>
>
>




>







23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
..
56
57
58
59
60
61
62
63
64
65
66
67


68



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

Fossil itself has built-in support for TLS on the client side only. That
is to say, you can build it against [https://www.openssl.org/|the
OpenSSL library], which will allow it to clone and sync with a remote
Fossil repository via <tt>https</tt> URIs.


<h3 id="openssl-bin">Building Against OpenSSL Automatically</h3>

The <tt>configure</tt> script will attempt to find OpenSSL on your
system automatically. It first tries asking the <tt>pkg-config</tt>
system where the OpenSSL development files are, and if that fails, it
falls back to looking through a list of likely directories.

If it can't find the files it needs, the most common solution is to
install the OpenSSL development package on your system via your OS's
package manager. Examples:

  *  <b>RHEL & Fedora</b>: <tt>sudo yum install openssl-devel</tt>
  *  <b>Debian & Ubuntu</b>: <tt>sudo apt install libssl-dev</tt>
  *  <b>FreeBSD</b>: <tt>su -c 'pkg install openssl'</tt>
  *  <b>macOS</b>: <tt>sudo brew install openssl</tt>
  *  <b>Cygwin</b>: Install <tt>openssl-devel</tt> via Cygwin's
     <tt>setup-*.exe</tt> program
................................................................................
use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above.
Fossil's build system will seek it out and use it automatically.


<h3 id="openssl-src">Building Against a Non-Platform Version of
OpenSSL</h3>

The Fossil build system has a few other methods for finding OpenSSL when
the automatic methods fail or when you'd prefer that Fossil use a
different version of OpenSSL than the one Fossil's build system picks on
its own.



A good reason to do this is when the Fossil build system finds a



functioning version of OpenSSL which is nevertheless unsuitable. One
common case is that your OS is sufficiently outdated that the platform
version of OpenSSL can no longer communicate with remote systems
adhering to the latest advice on secure communications. An old OpenSSL
might not support any of the
[https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote
Fossil repository's HTTPS proxy is willing to offer, for example, so
that even though both sides are speaking a variant of TLS/SSL, the peers
cannot come to an agreement on the cryptography.

If you've installed the OpenSSL development files somewhere that
Fossil's build system cannot find on its own, you can clue it in by
passing the <tt>--with-openssl</tt> option to the <tt>configure</tt>
script. Type <tt>./configure --help</tt> for details.

Another option is to download the source code to OpenSSL and build
Fossil against that private version of OpenSSL:

<pre>
    cd compat             # relative to the Fossil source tree root
    tar xf /path/to/openssl-*.tar.gz
    ln -fs openssl-x.y.z openssl
    cd openssl
    ./config              # or, e.g. ./Configure darwin64-x86_64-cc
    make -j11
    cd ../..
    ./configure --with-openssl=tree
    make -j11
</pre>