author: Eduardo Chappa <chappa@washington.edu> 2018-08-12 22:34:43 -0600
committer: Eduardo Chappa <chappa@washington.edu> 2018-08-12 22:34:43 -0600
commit: 9449b23bbca71471a64f914b4bc7ec7d810e587f
tree: 12e119c0e389546892ae4bc4df82980cda4d6ffe /libressl/README
parent: abcd5fe37b31b2e13907893f70a9e411dcf5e295
* Several changes to the compilation of Alpine in Windows to use
LibreSSL in connecting to external servers. This complements the changes to support S/MIME. In particular, we add support for validation of certificates by using C:\\libressl\ssl\certs as the place to save CA certificates. In order to help users, some certificates are distributed. TODO: Kerberos port, w2k.
Diffstat (limited to 'libressl/README')
-rw-r--r-- libressl/README 48
1 files changed, 48 insertions, 0 deletions
diff --git a/libressl/README b/libressl/README
new file mode 100644
index 00000000..be4a7d6e
--- /dev/null
+++ b/libressl/README
@@ -0,0 +1,48 @@
+The windows version of Alpine can be compiled with LibreSSL. The build
+script will compile using LibreSSL if there is a libressl folder in the
+main Alpine source code directory. If you rename or remove this folder,
+Alpine will be compiled using the default SSL libraries in your computer.
+
+There are pros and cons to every decision. Here are the pros and cons to
+building using LibreSSL.
+
+Pros:
+
+ * LibreSSL can be updated at any time. This will make it possible to
+ build Alpine with the latest features of LibreSSL. If you decide to
+ not use LibreSSL, your SSL libraries will eventually not be updated.
+
+ * Certificates can be updated at any time, and so you can run your
+ favorite version of Alpine for many years, even after your Windows
+ version is not supported anymore.
+
+ * You get S/MIME support in Windows for free.
+
+Cons:
+
+ * LibreSSL will check certificates not using the certificates installed
+ in your Windows computer, but it will do so in a different location.
+ This means that it is the responsibility of the user to update the
+ certificates. No matter what choice is made, if certificates are not
+ updated, validation will always eventually fail.
+
+Default Certificates Location:
+
+ * When Alpine is compiled with LibreSSL support, certificates must be
+ placed in the C:\\libressl\ssl\certs directory. You can find a copy
+ of certificates in the git repository in the libressl/certs directory.
+ All you have to do is to copy the certificates in that directory to
+ the C:\\libressl\ssl\certs directory.
+
+ * In order to make it easy to distribute certificates, each certificate
+ is distributed twice. Once with a long name, and another with the
+ short name. The short name is called the "subject hash". A unix script
+ called "doit.sh" can be used to create the short name. You can run
+ such script, from this directory by using the command
+
+ ./doit.sh
+
+ and copy the resulting files with short names, to the
+ C:\\libressl\ssl\certs folder. You only need the files with the short
+ names, but both are distributed.
+
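Review bot: The "Default Certificates Location" section tells users to copy CA files into C:\\libressl\ssl\certs but says nothing about who may write to that directory. Every file placed there is treated as a trusted CA when Alpine validates a server, so the README should tell users to create the folder with write access limited to administrators (or the account that runs Alpine) and to check that after copying. The path is also written with a doubled backslash after the drive letter in all three places ("C:\\libressl\ssl\certs"), which reads like an escaped C string literal rather than a path a user would type; if the single-backslash form is what is meant, write it that way. The doit.sh step assumes a unix shell although this README is for the Windows build, so it would help to state what the script does to produce the subject-hash names, and to say where the certificates in libressl/certs come from so that users can verify them before trusting them. Under "Cons", the sentence "validation will always eventually fail" would be more useful with a pointer to how and how often the certificates should be refreshed.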