[openssh-commits] [openssh] 01/02: libcrypto is now optional.

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Nov 15 14:18:51 AEDT 2019 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 69fbda1894349d1f420c842dfcbcc883239d1aa7
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Fri Nov 15 13:42:15 2019 +1100

    libcrypto is now optional.
---
 INSTALL | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/INSTALL b/INSTALL
index 81476879..c598fe51 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,13 +7,20 @@ options.  Some notes about specific compilers:
  - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
   (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
 
-You will need working installations of Zlib and libcrypto (LibreSSL /
-OpenSSL)
+You will need a working installation of zlib:
 
 Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
 http://www.gzip.org/zlib/
 
-libcrypto from either of:
+To support Privilege Separation (which is now required) you will need
+to create the user, group and directory used by sshd for privilege
+separation.  See README.privsep for details.
+
+
+The remaining items are optional.
+
+libcrypto from either of LibreSSL or OpenSSL.  Building without libcrypto
+is supported but severely restricts the avilable ciphers and algorithms.
  - LibreSSL (https://www.libressl.org/)
  - OpenSSL (https://www.openssl.org) with any of the following versions:
    - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
@@ -24,12 +31,6 @@ If you must use a non-position-independent libcrypto, then you may need
 to configure OpenSSH --without-pie.  Note that due to a bug in EVP_CipherInit
 OpenSSL 1.1 versions prior to 1.1.0g can't be used.
 
-To support Privilege Separation (which is now required) you will need
-to create the user, group and directory used by sshd for privilege
-separation.  See README.privsep for details.
-
-The remaining items are optional.
-
 NB. If you operating system supports /dev/random, you should configure
 libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
 direct support of /dev/random, or failing that, either prngd or egd.

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list