vermont is not compatible with openssl 1.1.0
openssl 1.1.0 is not API backward compatible with 1.0.0, and vermont will not compile with the newer version. The cmake find_package macro has no way to specify a maximum version so check it explicitly.master
parent
454ea8d8a4
commit
e77f883c56
|
@ -537,10 +537,13 @@ ENDIF(CONNECTION_FILTER)
|
||||||
|
|
||||||
OPTION(SUPPORT_DTLS "Enables/Disables encryption support for IPFIX messages." OFF)
|
OPTION(SUPPORT_DTLS "Enables/Disables encryption support for IPFIX messages." OFF)
|
||||||
IF (SUPPORT_DTLS)
|
IF (SUPPORT_DTLS)
|
||||||
FIND_PACKAGE(OpenSSL)
|
FIND_PACKAGE(OpenSSL 1.0.0)
|
||||||
IF (NOT OPENSSL_FOUND)
|
IF (NOT OPENSSL_FOUND)
|
||||||
MESSAGE(FATAL_ERROR "Could not find openssl. Please install the library or turn off SUPPORT_DTLS")
|
MESSAGE(FATAL_ERROR "Could not find openssl. Please install the library or turn off SUPPORT_DTLS")
|
||||||
ENDIF (NOT OPENSSL_FOUND)
|
ENDIF (NOT OPENSSL_FOUND)
|
||||||
|
IF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
|
||||||
|
MESSAGE(FATAL_ERROR "openssl version must be less than 1.1.0")
|
||||||
|
ENDIF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
|
||||||
INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
|
INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
|
||||||
TARGET_LINK_LIBRARIES(vermont ${OPENSSL_LIBRARIES})
|
TARGET_LINK_LIBRARIES(vermont ${OPENSSL_LIBRARIES})
|
||||||
ADD_DEFINITIONS(-DSUPPORT_DTLS)
|
ADD_DEFINITIONS(-DSUPPORT_DTLS)
|
||||||
|
|
60
README.md
60
README.md
|
@ -32,9 +32,7 @@ The following packages are optional:
|
||||||
- libczmq-dev (for receiving IPFIX reports over ZMQ)
|
- libczmq-dev (for receiving IPFIX reports over ZMQ)
|
||||||
==> cmake option SUPPORT_ZMQ
|
==> cmake option SUPPORT_ZMQ
|
||||||
|
|
||||||
For DTLS support, OpenSSL 1.0.0 or higher is required. It is recommended
|
For DTLS support, OpenSSL 1.0.0 is required.
|
||||||
to build OpenSSL based on the latest CVS revision. See DTLS instructions below.
|
|
||||||
|
|
||||||
|
|
||||||
## BUILDING AND INSTALLATION
|
## BUILDING AND INSTALLATION
|
||||||
|
|
||||||
|
@ -83,64 +81,18 @@ $ make install
|
||||||
|
|
||||||
### BUILDING WITH DTLS-OVER-UDP SUPPORT
|
### BUILDING WITH DTLS-OVER-UDP SUPPORT
|
||||||
|
|
||||||
VERMONT's DTLS support is based on OpenSSL version 1.0.0 (and maybe higher).
|
VERMONT's DTLS support is based on OpenSSL version 1.0.0. OpenSSL 1.1.0 is not currently supported.
|
||||||
|
|
||||||
Since the DTLS implementation in OpenSSL is fairly new and not as mature as
|
In order to compile VERMONT with DTLS-over-UDP support set the following option:
|
||||||
the TLS/SSL implementation, you should use the latest version of OpenSSL which
|
|
||||||
you can get from http://openssl.org/source/.
|
|
||||||
|
|
||||||
At the time of writing (July 2010), the latest version is 1.0.0a.
|
|
||||||
``` shell
|
``` shell
|
||||||
$ wget http://openssl.org/source/openssl-1.0.0a.tar.gz
|
$ cmake -DSUPPORT_DTLS=YES
|
||||||
$ tar xzf openssl-1.0.0a.tar.gz
|
|
||||||
$ cd openssl-1.0.0a/
|
|
||||||
```
|
```
|
||||||
|
|
||||||
If you want to profit from the most recent bugfixes, you can check out the
|
If CMake does not find OPENSSL you can explicitly specify the include and library paths:
|
||||||
sources from the OpenSSL CVS repository instead:
|
|
||||||
``` shell
|
|
||||||
$ cvs -z9 -d anonymous@cvs.openssl.org:/openssl-cvs co openssl
|
|
||||||
$ cd openssl/
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
cmake -DSUPPORT_DTLS=YES -DCMAKE_INCLUDE_PATH=/path/to/openssl/include -DCMAKE_LIBRARY_PATH=/path/to/openssl/lib
|
||||||
In order to avoid incompatibilities with other packages of your distribution,
|
|
||||||
you probably do not want the new version of OpenSSL to become the default
|
|
||||||
OpenSSL library on your system. Therefore, it is recommended to install the
|
|
||||||
new version in a local directory by using the --prefix option of the config
|
|
||||||
script.
|
|
||||||
|
|
||||||
To build OpenSSL and install it into a built/ subdirectory within the OpenSSL
|
|
||||||
source directory, call the following commands:
|
|
||||||
``` shell
|
|
||||||
$ ./config -d no-dso no-shared --prefix=`pwd`/built
|
|
||||||
$ make
|
|
||||||
$ make install
|
|
||||||
```
|
```
|
||||||
|
|
||||||
The configure option "no-dso" turns off the use of shared-library methods which
|
|
||||||
avoids linking problems related to libdl on the Linux platform.
|
|
||||||
With the option "no-shared", only static libraries are built which makes it
|
|
||||||
easier to link VERMONT to the correct version of OpenSSL.
|
|
||||||
|
|
||||||
In order to compile VERMONT with DTLS-over-UDP support, change into the root
|
|
||||||
of VERMONT's source directory and execute cmake with the OpenSSL include and
|
|
||||||
library paths (replace "/path/to/openssl" by your OpenSSL source directory):
|
|
||||||
``` shell
|
|
||||||
$ cmake -DSUPPORT_DTLS=YES -DCMAKE_INCLUDE_PATH=/path/to/openssl/built/include -DCMAKE_LIBRARY_PATH=/path/to/openssl/built/lib
|
|
||||||
```
|
|
||||||
|
|
||||||
On 64 bit platforms, the library path might be different (mind the "64" at the
|
|
||||||
very end!):
|
|
||||||
``` shell
|
|
||||||
$ cmake -DSUPPORT_DTLS=YES -DCMAKE_INCLUDE_PATH=/path/to/openssl/built/include -DCMAKE_LIBRARY_PATH=/path/to/openssl/built/lib64
|
|
||||||
```
|
|
||||||
|
|
||||||
If you have previously built VERMONT with OpenSSL located in another
|
|
||||||
directory, you might need to manually remove the file CMakeCache.txt before
|
|
||||||
calling cmake.
|
|
||||||
|
|
||||||
|
|
||||||
### BUILDING WITH DTLS-OVER-SCTP SUPPORT
|
### BUILDING WITH DTLS-OVER-SCTP SUPPORT
|
||||||
|
|
||||||
At the time of writing (July 2010), DTLS over SCTP can be used on FreeBSD only!
|
At the time of writing (July 2010), DTLS over SCTP can be used on FreeBSD only!
|
||||||
|
|
Loading…
Reference in New Issue