bd53433877
This diff changes the logic by which configure detects getentropy() to
ensure that we don't use the system wide getentropy
- with macOS sierra if the deployment target is lower than sierra as
found by tor developers here
https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
- with iOS unconditionally because an app linking libressl compiled with
system wide getentropy has been rejected by the App store as I have
documented here
https://github.com/measurement-kit/measurement-kit/pull/994
I think something similar could also affect clock_gettime judging from
tor's patch, but this diff for now doesn't address that.
I do not have macOS < sierra, so I could only verify that configure was
not picking up system wide getentropy by compiling libressl using
export CFLAGS="-mmacosx-version-min=10.11"
As regards iOS, removing the check for getentropy and recompiling (thus
using libressl builtin getentropy()) was enough to have another iteration
of the app accepted. Otherwise testing should be possible with:
export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
Related ticket: https://github.com/libressl-portable/portable/issues/230
|
||
|---|---|---|
| apps | ||
| crypto | ||
| include | ||
| libtls-standalone | ||
| m4 | ||
| man | ||
| patches | ||
| scripts | ||
| ssl | ||
| tests | ||
| tls | ||
| .gitignore | ||
| .travis.yml | ||
| autogen.sh | ||
| ChangeLog | ||
| check-release.sh | ||
| CMakeLists.txt | ||
| config | ||
| configure.ac | ||
| dist-win.sh | ||
| dist.sh | ||
| gen-coverage-report.sh | ||
| gen-openbsd-tags.sh | ||
| libcrypto.pc.in | ||
| libressl.pub | ||
| libssl.pc.in | ||
| libtls.pc.in | ||
| Makefile.am | ||
| Makefile.am.common | ||
| OPENBSD_BRANCH | ||
| openssl.pc.in | ||
| README.md | ||
| README.windows | ||
| tap-driver.sh | ||
| update.sh | ||
Official portable version of LibreSSL
LibreSSL is a fork of OpenSSL 1.0.1g developed by the OpenBSD project. Our goal is to modernize the codebase, improve security, and apply best practice development processes from OpenBSD.
Compatibility with OpenSSL:
LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily earlier releases of LibreSSL. You will need to relink your programs to LibreSSL in order to use it, just as in moving between major versions of OpenSSL. LibreSSL's installed library version numbers are incremented to account for ABI and API changes.
Compatibility with other operating systems:
While primarily developed on and taking advantage of APIs available on OpenBSD, the LibreSSL portable project attempts to provide working alternatives for other operating systems, and assists with improving OS-native implementations where possible.
At the time of this writing, LibreSSL is know to build and work on:
- Linux (kernel 3.17 or later recommended)
- FreeBSD (tested with 9.2 and later)
- NetBSD (tested with 6.1.5)
- HP-UX (11i)
- Solaris (11 and later preferred)
- Mac OS X (tested with 10.8 and later)
- AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
- Microsoft Windows (XP or higher, x86 and x64)
- Wine (32-bit and 64-bit)
- Builds with Mingw-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood OpenBSD mirror in directory LibreSSL, although we suggest that you use a mirror.
The LibreSSL portable build framework is also mirrored in Github.
Please report bugs either to the public libressl@openbsd.org mailing list, or to the github issue tracker
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be sent to the core team at libressl-security@openbsd.org.
Prerequisites when building from git
If you have checked this source using Git, follow these initial steps to prepare the source tree for building:
- Ensure you have the following packages installed: automake, autoconf, git, libtool, perl, pod2man
- Run './autogen.sh' to prepare the source tree for building or run './dist.sh' to prepare a tarball.
Building LibreSSL
Once you have a source tree from Git or FTP, run these commands to build and install the package on most systems:
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
If you wish to use the CMake build system, use these commands:
mkdir build
cd build
cmake ..
make
make test
For faster builds, you can use Ninja as well:
mkdir build-ninja
cd build-ninja
cmake -G"Ninja" ..
ninja
ninja test
OS specific build information:
HP-UX (11i)
Set the UNIX_STD environment variable to '2003' before running 'configure' in order to build with the HP C/aC++ compiler. See the "standards(5)" man page for more details.
export UNIX_STD=2003
./configure
make
Windows - Mingw-w64
LibreSSL builds against relatively recent versions of Mingw-w64, not to be confused with the original mingw.org project. Mingw-w64 3.2 or later should work. See README.windows for more information
Windows - Visual Studio
LibreSSL builds using the CMake target "Visual Studio 12 2013", and may build against older/newer targets as well. To generate a Visual Studio project, install CMake, enter the LibreSSL source directory and run:
mkdir build-vs2013
cd build-vs2013
cmake -G"Visual Studio 12 2013" ..
This will generate a LibreSSL.sln file that you can incorporate into other projects or build by itself.