Difference between pages "Merge Funtoo 1.0 profile support into gentoo" and "Package:OpenSSL"

(Difference between pages)
 
 
Line 1: Line 1:
{{fancyimportant|This page is a work-in-progress proposal to merge the Funtoo profile system into Gentoo Linux.}}
+
{{Ebuild
 +
|Summary=Full-strength general purpose cryptography library (including SSL and TLS.)
 +
|CatPkg=dev-libs/openssl
 +
|Homepage=http://www.openssl.org
 +
}}
 +
{{PageNeedsUpdates}}
 +
OpenSSL is a cryptography package used with {{Package|net-misc/openssh}}, web servers, and more.  ftps, https, smtps, imaps, etc use SSL/TLS.  SSL/TLS is used to prevent man in the middle attacks on plain text streams of data. As this is a security package it is frequently cycled from testing, & bug repairs.
 +
{{note|ssl is old, tls is new.  If you have the option to run tls, run tls rather than ssl}}
  
== Introduction ==
+
=== Installation ===
 +
{{console|body=###i## emerge dev-libs/openssl}}
  
This page is a proposal for integrating the Funtoo profile system into Gentoo Linux.
+
=== Usage ===
 +
ssl uses several certificates with differing coverage, and use cases.  Certificates are obtained by 3rd party sites.  go-daddy, namecheap, and verisign are popular ssl certificate providers, though several others exist.
  
=== Reference ===
+
The general overview is buy certificate, send private files, send extra information if required, get files back, insert files into openssl configs, change program configs ports to S version of the protocol, (as in for web port 80, now listens to port 443, and i address the server as https instead of http now.) reorder the cert next year.
  
* [[Funtoo 1.0 Profile]] - description of the system.
+
==== Self Signed Certificates ====
* [[Custom Profiles]] - how to extend it.
+
Free:
* [[Portage Profile Logic]] - How Portage processes profiles.
+
Self signed certificates are free, self made, quick, easy to setup, and insecure. They are great for lab experiments, and testing out new technologies that you're not familiar with.
  
=== Authors ===
+
==== Free Certificates ====
 +
Free:  (with restrictions)
 +
You can get free certificates from places like StartSSL.com.  The free certificates from them are not recommended if you are a company or doing E-Commerce as they only validate that you own the domain, not anything beyond that.  However, for personal sites, you can't beat the cost.
  
* [[User:Zerochaos]]
+
==== Single Domain Certificates ====
* [[User:Drobbins]]
+
Generally $10/yr:
* [[User:Oleg]]
+
Single domain certificates are probably the cheapest ssl certificate you will find on the web.  This certificate does not cover subdomains.
  
== Requirements and Design Ideas ==
+
==== Unified Communications Certificate ====
 +
Generally $300/yr
 +
This certificate is meant for small businesses.  This type of certificate will generally cover 20-30 domains, sites, or subdomains.
  
=== Eselect Profile Support ===
+
==== Wildcard Certificates ====
 +
Generally $300/yr
 +
Wildcard certificates are expensive, however they cover every subdomain name you add.
  
We want eselect-profile to support both the funtoo style profiles and the gentoo style profiles at the same time First thought, says if /etc/{,portage}/make.profile is a symlink, only show gentoo style profiles; this will hide the changes from unsuspecting users so they don't accidently set an experimental profile as gentoo tries to catch up.
+
==== Other Misc Certs ====
 +
*domain validated SSL Certificates
 +
*organization validated SSL Certificates
 +
*Extended Validation SSL Certificates
  
If /etc/{,portage}/make.profile is not a symlink, then show a list of old style profiles and new style profiles.
+
=== Using SSL With Nginx or Tengine ===
This may require funtoo to remove profiles.desc and profiles.eselect.desc from gentoo before replicating.
+
See this page:  [[HOWTO:WebServer_SSL]]
  
=== Catalyst Support ===
+
=== External Resources ===
 
+
https://wiki.archlinux.org/index.php/OpenSSL
* seems trivial, support catalyst setting new style profiles.
+
{{EbuildFooter}}
* input requested from funtoo team on suggested syntax
+
 
+
=== Build Profiles in Gentoo ===
+
 
+
Build prototype profiles in gentoo for all possible x86/amd64 varients.
+
* mgorny has some good ideas here for multilib stuff
+
* blueness has some good ideas for hardened and alternative libc implementations
+
 
+
=== Piggy-Back System for Funtoo ===
+
 
+
Funtoo currently imports various settings from the existing Gentoo system profiles. The new Gentoo profile system should be designed to facilitate this "piggy-backing" to allow for maximum collaboration between Gentoo and Funtoo Linux.
+

Latest revision as of 05:58, July 9, 2015

dev-libs/openssl


Source Repository:Repository:Funtoo Overlay

http://www.openssl.org

Summary: Full-strength general purpose cryptography library (including SSL and TLS.)

Use Flags

bindist
Disable EC/RC5 algorithms (as they seem to be patented)
ec_nistp_64_gcc_128
Enable 64-bit optimized implementations of elliptic curves NIST-P224, NIST-P256 and NIST-P521
rfc3779
Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)

News

Drobbins

Perl Updates

Gentoo has bumped perl from 5.20 to 5.22. Be sure to run perl-cleaner --all after the upgrade.
2015-07-25 by Drobbins
Drobbins

ARM Rebuild

ARM systems will use new stage3's that are not compatible with earlier versions.
2015-06-27 by Drobbins
Drobbins

ABI X86 64 and 32

Funtoo Linux has new 32-bit compatibility libraries inherited from Gentoo. Learn about them here.
2015-06-18 by Drobbins
More...

OpenSSL

Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

OpenSSL is a cryptography package used with Package:OpenSSH, web servers, and more. ftps, https, smtps, imaps, etc use SSL/TLS. SSL/TLS is used to prevent man in the middle attacks on plain text streams of data. As this is a security package it is frequently cycled from testing, & bug repairs.

Note

ssl is old, tls is new. If you have the option to run tls, run tls rather than ssl

Installation

# emerge dev-libs/openssl


Usage

ssl uses several certificates with differing coverage, and use cases. Certificates are obtained by 3rd party sites. go-daddy, namecheap, and verisign are popular ssl certificate providers, though several others exist.

The general overview is buy certificate, send private files, send extra information if required, get files back, insert files into openssl configs, change program configs ports to S version of the protocol, (as in for web port 80, now listens to port 443, and i address the server as https instead of http now.) reorder the cert next year.

Self Signed Certificates

Free: Self signed certificates are free, self made, quick, easy to setup, and insecure. They are great for lab experiments, and testing out new technologies that you're not familiar with.

Free Certificates

Free: (with restrictions) You can get free certificates from places like StartSSL.com. The free certificates from them are not recommended if you are a company or doing E-Commerce as they only validate that you own the domain, not anything beyond that. However, for personal sites, you can't beat the cost.

Single Domain Certificates

Generally $10/yr: Single domain certificates are probably the cheapest ssl certificate you will find on the web. This certificate does not cover subdomains.

Unified Communications Certificate

Generally $300/yr This certificate is meant for small businesses. This type of certificate will generally cover 20-30 domains, sites, or subdomains.

Wildcard Certificates

Generally $300/yr Wildcard certificates are expensive, however they cover every subdomain name you add.

Other Misc Certs

  • domain validated SSL Certificates
  • organization validated SSL Certificates
  • Extended Validation SSL Certificates

Using SSL With Nginx or Tengine

See this page: HOWTO:WebServer_SSL

External Resources

https://wiki.archlinux.org/index.php/OpenSSL