diff options
| author | beck <> | 2000-12-16 15:07:56 +0000 |
|---|---|---|
| committer | beck <> | 2000-12-16 15:07:56 +0000 |
| commit | b0ce9fc31bf5fcfddbbaff4dacf377e9da301728 (patch) | |
| tree | 07965158cebc6b047756c4851195da76db6590b2 /src | |
| parent | 695210c7c9cabbafd23542a9cad63c49e5083445 (diff) | |
| download | openbsd-b0ce9fc31bf5fcfddbbaff4dacf377e9da301728.tar.gz openbsd-b0ce9fc31bf5fcfddbbaff4dacf377e9da301728.tar.bz2 openbsd-b0ce9fc31bf5fcfddbbaff4dacf377e9da301728.zip | |
Remove - RSA is there now, don't need to talk about it being stubbed.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/README.OPENBSD | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/src/lib/libssl/README.OPENBSD b/src/lib/libssl/README.OPENBSD deleted file mode 100644 index 063259deb7..0000000000 --- a/src/lib/libssl/README.OPENBSD +++ /dev/null | |||
| @@ -1,56 +0,0 @@ | |||
| 1 | |||
| 2 | This is based on an OpenSSL-0.9.4 | ||
| 3 | |||
| 4 | It has the following modifcations made to it. | ||
| 5 | |||
| 6 | NOTES: | ||
| 7 | |||
| 8 | Many tests will fail miserably, since most of them start | ||
| 9 | with SSL v2, which requires RSA, and of course, they barf. | ||
| 10 | idea tests will also fail. This is to be expected. Do | ||
| 11 | "make -k test" if you want to see the output and draw | ||
| 12 | your own conclusions. | ||
| 13 | |||
| 14 | Many parts of the utility programs may not work, although things | ||
| 15 | like client and server will provided you start them in a mode | ||
| 16 | that does not require RSA to operate. | ||
| 17 | |||
| 18 | Unlike an ssl library built to remove the offending routines | ||
| 19 | (which removes many of the things like SSL23init which many | ||
| 20 | packages like web servers use) this library does contain | ||
| 21 | stubs for everything. The patent bits will simply fail. The | ||
| 22 | idea is that this may be used as is for limited functionality, | ||
| 23 | or where possible replaced with a full function library. When | ||
| 24 | porting an app it is important to remember to try to use the | ||
| 25 | tls1 version of stuff first where possible. I.E. if you're | ||
| 26 | going to SSL-ize OpenBSD telnet, for example, call the tls1 init | ||
| 27 | functions *NOT* sslv2init or sslv23init, or you'll be dependent | ||
| 28 | on RSA and have a version that will only work with a full | ||
| 29 | function library. Use the tls versions and you'll work with | ||
| 30 | both - a good thing. | ||
| 31 | |||
| 32 | "crypto" and "ssl" are OpenBSD style build dirs for the | ||
| 33 | libraries of the same name. "ssleay" is the build dir for the | ||
| 34 | "ssleay" executable, used to control everything vagely ssleay | ||
| 35 | like, from testing to generating certificates, to playing | ||
| 36 | simple client server games. libraries expect to install headers | ||
| 37 | in "/usr/include/ssl", libraries in /usr/lib, ssleay in /usr/sbin | ||
| 38 | |||
| 39 | TODO: | ||
| 40 | SSLeay contains just no library docs, it's all use the | ||
| 41 | force, read the source. This should be fixed sometime. | ||
| 42 | |||
| 43 | DSS certificate generation is a black art. This | ||
| 44 | needs to be properly documented and a comprehensive procedure | ||
| 45 | written up, at least for how to generate a cert for | ||
| 46 | a host to be used by multiple servers. beck@ has talked | ||
| 47 | to Mark Shuttleworth of Thawte, and he has agreed that | ||
| 48 | if we can get DSS hosts certs up and running Thawte will | ||
| 49 | consider providing the service (for the usual fee of course) | ||
| 50 | of for-real signing of OpenBSD host certs for those who | ||
| 51 | want a real CA for things like telnet and ftp and the like. | ||
| 52 | |||
| 53 | Apps beyond ssleay need testing - apps that use exclusively old style | ||
| 54 | sslv2 or sslv2/3 need to be converted/modified where possible to | ||
| 55 | try the tls1 stuff, so that we can handle doing things without | ||
| 56 | RSA. | ||