Add a FAQ on how to check the authenticity of the openSSL distribution.
PR: 292
This commit is contained in:
parent
38ab79ce75
commit
a0fd85aa25
1 changed files with 14 additions and 0 deletions
14
FAQ
14
FAQ
|
@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions
|
|||
* Where can I get a compiled version of OpenSSL?
|
||||
* Why aren't tools like 'autoconf' and 'libtool' used?
|
||||
* What is an 'engine' version?
|
||||
* How do I check the authenticity of the OpenSSL distribution?
|
||||
|
||||
[LEGAL] Legal questions
|
||||
|
||||
|
@ -133,6 +134,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With
|
|||
version 0.9.7 (not yet released) the changes were merged into the main
|
||||
development line, so that the special release is no longer necessary.
|
||||
|
||||
* How do I check the authenticity of the OpenSSL distribution?
|
||||
|
||||
We provide MD5 digests and ASC signatures of each tarball.
|
||||
Use MD5 to check that a tarball from a mirror site is identical:
|
||||
|
||||
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
|
||||
|
||||
You can check authenticity using pgp or gpg. You need the OpenSSL team
|
||||
member public key used to sign it (download it from a key server). Then
|
||||
just do:
|
||||
|
||||
pgp TARBALL.asc
|
||||
|
||||
[LEGAL] =======================================================================
|
||||
|
||||
* Do I need patent licenses to use OpenSSL?
|
||||
|
|
Loading…
Reference in a new issue