author | Eduardo Chappa <chappa@washington.edu> | 2018-08-12 22:34:43 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2018-08-12 22:34:43 -0600 |
commit | 9449b23bbca71471a64f914b4bc7ec7d810e587f (patch) | |
tree | 12e119c0e389546892ae4bc4df82980cda4d6ffe /libressl/README | |
parent | abcd5fe37b31b2e13907893f70a9e411dcf5e295 (diff) | |
download | alpine-9449b23bbca71471a64f914b4bc7ec7d810e587f.tar.xz |
* Several changes to the compilation of Alpine in Windows to use
LibreSSL in connecting to external servers. This complements the
changes to support S/MIME. In particular, we add support for
validation of certificates by using C:\\libressl\ssl\certs as the
place to save CA certificates. In order to help users, some
certificates are distributed. TODO: Kerberos port, w2k.
Diffstat (limited to 'libressl/README')
-rw-r--r-- | libressl/README | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/libressl/README b/libressl/README new file mode 100644 index 00000000..be4a7d6e --- /dev/null +++ b/libressl/README 
@@ -0,0 +1,48 @@ +The windows version of Alpine can be compiled with LibreSSL. The build +script will compile using LibreSSL if there is a libressl folder in the +main Alpine source code directory. If you rename or remove this folder, +Alpine will be compiled using the default SSL libraries in your computer. + +There are pros and cons to every decision. Here are the pros and cons to +building using LibreSSL. + +Pros: + + * LibreSSL can be updated at any time. This will make it possible to + build Alpine with the latest features of LibreSSL. If you decide to + not use LibreSSL, your SSL libraries will eventually not be updated. + + * Certificates can be updated at any time, and so you can run your + favorite version of Alpine for many years, even after your Windows + version is not supported anymore. + + * You get S/MIME support in Windows for free. + +Cons: + + * LibreSSL will check certificates not using the certificates installed + in your Windows computer, but it will do so in a different location. + This means that it is the responsibility of the user to update the + certificates. No matter what choice is made, if certificates are not + updated, validation will always eventually fail. + +Default Certificates Location: + + * When Alpine is compiled with LibreSSL support, certificates must be + placed in the C:\\libressl\ssl\certs directory. You can find a copy + of certificates in the git repository in the libressl/certs directory. + All you have to do is to copy the certificates in that directory to + the C:\\libressl\ssl\certs directory. + + * In order to make it easy to distribute certificates, each certificate + is distributed twice. Once with a long name, and another with the + short name. The short name is called the "subject hash". A unix script + called "doit.sh" can be used to create the short name. 
You can run + such script, from this directory by using the command + + ./doit.sh + + and copy the resulting files with short names, to the + C:\\libressl\ssl\certs folder. You only need the files with the short + names, but both are distributed. + |
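Review bot: The "Default Certificates Location" section makes C:\\libressl\ssl\certs the trust store for certificate validation but says nothing about who may write to it. Anything saved there under a subject-hash name is treated as a trusted CA, so please add a sentence telling users to restrict write access on that directory to administrators. The path is also written each time with a doubled backslash after the drive letter and single backslashes after that; if the directory is C:\libressl\ssl\certs, spell it that way so it can be pasted as is. Finally, doit.sh is described as a unix script while the readers are building on Windows, so the README should state which command it runs to compute the short names and where a Windows user is expected to run it.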