Fossil

Check-in [48b74fce]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Several improvements to the discussion of building against OpenSSL in www/ssl.wiki.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:48b74fce3c504401c6ceb638e167b2b973c3504bb759e385663c6e61e2f6d808
User & Date: wyoung 2019-02-07 00:01:34
Context
2019-02-07
17:18
Update the built-in SQLite to the official 3.27.0 release version. check-in: c56fce69 user: drh tags: trunk
00:01
Several improvements to the discussion of building against OpenSSL in www/ssl.wiki. check-in: 48b74fce user: wyoung tags: trunk
2019-02-05
20:54
Update the built-in SQLite to the latest 3.27.0 beta for testing. check-in: 1dbf923c user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to www/ssl.wiki.

    23     23   
    24     24   Fossil itself has built-in support for TLS on the client side only. That
    25     25   is to say, you can build it against [https://www.openssl.org/|the
    26     26   OpenSSL library], which will allow it to clone and sync with a remote
    27     27   Fossil repository via <tt>https</tt> URIs.
    28     28   
    29     29   
    30         -<h3 id="openssl-bin">Building Against a Binary Version of OpenSSL</h3>
           30  +<h3 id="openssl-bin">Building Against OpenSSL Automatically</h3>
    31     31   
    32     32   The <tt>configure</tt> script will attempt to find OpenSSL on your
    33         -system automatically. If it can't find the files it needs, the most
    34         -common solution is to install the OpenSSL development package on your
    35         -system via your OS's package manager. Examples:
           33  +system automatically. It first tries asking the <tt>pkg-config</tt>
           34  +system where the OpenSSL development files are, and if that fails, it
           35  +falls back to looking through a list of likely directories.
           36  +
           37  +If it can't find the files it needs, the most common solution is to
           38  +install the OpenSSL development package on your system via your OS's
           39  +package manager. Examples:
    36     40   
    37     41     *  <b>RHEL & Fedora</b>: <tt>sudo yum install openssl-devel</tt>
    38     42     *  <b>Debian & Ubuntu</b>: <tt>sudo apt install libssl-dev</tt>
    39     43     *  <b>FreeBSD</b>: <tt>su -c 'pkg install openssl'</tt>
    40     44     *  <b>macOS</b>: <tt>sudo brew install openssl</tt>
    41     45     *  <b>Cygwin</b>: Install <tt>openssl-devel</tt> via Cygwin's
    42     46        <tt>setup-*.exe</tt> program
................................................................................
    52     56   use [https://brew.sh|Homebrew] on macOS to install OpenSSL as above.
    53     57   Fossil's build system will seek it out and use it automatically.
    54     58   
    55     59   
    56     60   <h3 id="openssl-src">Building Against a Non-Platform Version of
    57     61   OpenSSL</h3>
    58     62   
    59         -The Fossil build system can also use OpenSSL when installed in
    60         -nonstandard locations.
    61         -
    62         -If you've installed OpenSSL via a method that Fossil's build system
    63         -cannot find on its own, you can clue it in by passing the
    64         -<tt>--with-openssl</tt> option to the <tt>configure</tt> script. Type
    65         -<tt>./configure --help</tt> for details.
    66         -
    67         -It is possible for the Fossil build system to find a functioning version
    68         -of OpenSSL which is nevertheless unsuitable. One common case is that
    69         -your OS is sufficiently outdated that the platform version of OpenSSL
    70         -can no longer communicate with remote systems adhering to the latest
    71         -advice on secure communications. Your local OpenSSL might not support
    72         -any of the [https://en.wikipedia.org/wiki/Cipher_suite|cipher suites]
    73         -the remote Fossil repository's HTTPS proxy is willing to offer, for
    74         -example, so that even though both sides are speaking a variant of
    75         -TLS/SSL, they can't come to an agreement on the cryptography.
    76         -
    77         -In such cases, you may want to link Fossil to a version of OpenSSL built
    78         -from source. The easiest way to do that is:
           63  +The Fossil build system has a few other methods for finding OpenSSL when
           64  +the automatic methods fail or when you'd prefer that Fossil use a
           65  +different version of OpenSSL than the one Fossil's build system picks on
           66  +its own.
           67  +
           68  +A good reason to do this is when the Fossil build system finds a
           69  +functioning version of OpenSSL which is nevertheless unsuitable. One
           70  +common case is that your OS is sufficiently outdated that the platform
           71  +version of OpenSSL can no longer communicate with remote systems
           72  +adhering to the latest advice on secure communications. An old OpenSSL
           73  +might not support any of the
           74  +[https://en.wikipedia.org/wiki/Cipher_suite|cipher suites] the remote
           75  +Fossil repository's HTTPS proxy is willing to offer, for example, so
           76  +that even though both sides are speaking a variant of TLS/SSL, the peers
           77  +cannot come to an agreement on the cryptography.
           78  +
           79  +If you've installed the OpenSSL development files somewhere that
           80  +Fossil's build system cannot find on its own, you can clue it in by
           81  +passing the <tt>--with-openssl</tt> option to the <tt>configure</tt>
           82  +script. Type <tt>./configure --help</tt> for details.
           83  +
           84  +Another option is to download the source code to OpenSSL and build
           85  +Fossil against that private version of OpenSSL:
    79     86   
    80     87   <pre>
    81     88       cd compat             # relative to the Fossil source tree root
    82     89       tar xf /path/to/openssl-*.tar.gz
    83     90       ln -fs openssl-x.y.z openssl
           91  +    cd openssl
    84     92       ./config              # or, e.g. ./Configure darwin64-x86_64-cc
    85     93       make -j11
    86     94       cd ../..
    87     95       ./configure --with-openssl=tree
    88     96       make -j11
    89     97   </pre>
    90     98