Fossil

Check-in [4f810279]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Expanded the section on --with-openssl=none in www/build.wiki to explain why adding that option is a bad idea, what to do instead, and to point to the newly expanded OpenSSL discussion in www/ssl.wiki for more information.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:4f810279ceee61764a3318d20c42aeab1866d6dbd8e1724a2ab86139f7a469f6
User & Date: wyoung 2019-01-28 17:54:10
Context
2019-01-28
18:29
Expanded the discussion of OpenSSL options in www/ssl.wiki, mainly adding advice on installing it via package managers. The new OpenSSL discussion in build.wiki now points to this, rather than to the next section level up, as in the prior checkin. check-in: a13820dc user: wyoung tags: trunk
17:54
Expanded the section on --with-openssl=none in www/build.wiki to explain why adding that option is a bad idea, what to do instead, and to point to the newly expanded OpenSSL discussion in www/ssl.wiki for more information. check-in: 4f810279 user: wyoung tags: trunk
2019-01-27
19:32
Update the built-in SQLite to the latest 3.27.0 alpha. Updates to the change log. check-in: 5280c1ab user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to www/build.wiki.

76
77
78
79
80
81
82
83












84









85
86
87
88
89
90
91
<b>cd</b> into the directory created.</p></li>

<li><i>(Optional, Unix only)</i>
Run <b>./configure</b> to construct a makefile.

<ol type="a">
<li><p>
If you do not have the OpenSSL library installed on your system, then












add <b>--with-openssl=none</b> to omit the https functionality.










<li><p>
To build a statically linked binary (suitable for use inside a chroot
jail) add the <b>--static</b> option.

<li><p>
To enable the native [./th1.md#tclEval | Tcl integration feature] feature,







|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>







76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
<b>cd</b> into the directory created.</p></li>

<li><i>(Optional, Unix only)</i>
Run <b>./configure</b> to construct a makefile.

<ol type="a">
<li><p>
The build system for Fossil on Unix-like systems assumes that the
OpenSSL development and runtime files are available on your system,
because unprotected repositories are trivial to attack otherwise.
Indeed, some public Fossil repositories — including Fossil's own — today
run in an HTTPS-only mode, so that you can't even do an anonymous clone
from them without using the TLS features added to Fossil by OpenSSL. To
weaken that stance could allow a
[https://en.wikipedia.org/wiki/Man-in-the-middle_attack|man in the
middle attack], such as one that substitutes malicious code into your
Fossil repository clone.</p>

<p>You can force the Fossil build system to avoid searching for, building
against, and linking to the OpenSSL library by passing
<b>--with-openssl=none</b> to the <tt>configure</tt> script.</p>

<p>If you do not have the OpenSSL development libraries on your system,
we recommend that you install them, typically via your OS's package
manager. The Fossil build system goes to a lot of effort to seek these
out wherever they may be found, so that is typically all you need to
do.</p>

<p>For more advanced use cases, see the [./ssl.wiki#client|OpenSSL
discussion in the "TLS and Fossil" document].</p>

<li><p>
To build a statically linked binary (suitable for use inside a chroot
jail) add the <b>--static</b> option.

<li><p>
To enable the native [./th1.md#tclEval | Tcl integration feature] feature,