[openssh-commits] [openssh] 01/02: libcrypto is now optional.
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Nov 15 14:18:51 AEDT 2019
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 69fbda1894349d1f420c842dfcbcc883239d1aa7
Author: Darren Tucker <dtucker at dtucker.net>
Date: Fri Nov 15 13:42:15 2019 +1100
libcrypto is now optional.
---
INSTALL | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/INSTALL b/INSTALL
index 81476879..c598fe51 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,13 +7,20 @@ options. Some notes about specific compilers:
- clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
(CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
-You will need working installations of Zlib and libcrypto (LibreSSL /
-OpenSSL)
+You will need a working installation of zlib:
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
http://www.gzip.org/zlib/
-libcrypto from either of:
+To support Privilege Separation (which is now required) you will need
+to create the user, group and directory used by sshd for privilege
+separation. See README.privsep for details.
+
+
+The remaining items are optional.
+
+libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
+is supported but severely restricts the avilable ciphers and algorithms.
- LibreSSL (https://www.libressl.org/)
- OpenSSL (https://www.openssl.org) with any of the following versions:
- 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
@@ -24,12 +31,6 @@ If you must use a non-position-independent libcrypto, then you may need
to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
OpenSSL 1.1 versions prior to 1.1.0g can't be used.
-To support Privilege Separation (which is now required) you will need
-to create the user, group and directory used by sshd for privilege
-separation. See README.privsep for details.
-
-The remaining items are optional.
-
NB. If you operating system supports /dev/random, you should configure
libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
direct support of /dev/random, or failing that, either prngd or egd.
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list