r975 - branches/2.4-branch/BOOK branches/2.4-branch/BOOK/chapter01 branches/2.4-branch/BOOK/chapter04 branches/2.4-branch/BOOK/chapter06 trunk/BOOK/chapter01 trunk/BOOK/chapter06

robert at linuxfromscratch.org robert at linuxfromscratch.org
Sat Feb 10 12:09:27 PST 2007


Author: robert
Date: 2007-02-10 13:09:27 -0700 (Sat, 10 Feb 2007)
New Revision: 975

Added:
   branches/2.4-branch/BOOK/chapter06/modutils.xml
Removed:
   branches/2.4-branch/BOOK/chapter06/module-init-tools.xml
Modified:
   branches/2.4-branch/BOOK/chapter01/changelog.xml
   branches/2.4-branch/BOOK/chapter04/packages.xml
   branches/2.4-branch/BOOK/chapter04/patches.xml
   branches/2.4-branch/BOOK/chapter06/chapter06.xml
   branches/2.4-branch/BOOK/chapter06/openssl.xml
   branches/2.4-branch/BOOK/packages.ent
   branches/2.4-branch/BOOK/patches.ent
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter06/openssl.xml
Log:
Added -DSSL_FORBID_ENULL to OpenSSL to disable NULL ciphers, and notes about additional -D defines.

Modified: branches/2.4-branch/BOOK/chapter01/changelog.xml
===================================================================
--- branches/2.4-branch/BOOK/chapter01/changelog.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/chapter01/changelog.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -72,7 +72,7 @@
 <listitem><para>man-1.6b</para></listitem>
 <listitem><para>man-pages-2.42</para></listitem>
 <listitem><para>mktemp-1.5</para></listitem>
-<listitem><para>module-init-tools-3.2.2</para></listitem>
+<listitem><para>modutils-2.4.27</para></listitem>
 <listitem><para>ncurses-5.6</para></listitem>
 <listitem><para>openntpd-3.6.1p1</para></listitem>
 <listitem><para>openssl-0.9.8c</para></listitem>
@@ -110,6 +110,11 @@
 </listitem>
 -->
 
+<listitem><para>February 10th, 2007 [Robert]: Added -DSSL_FORBID_ENULL to OpenSSL to disable NULL
+ciphers, and notes about additional -D defines.</para></listitem>
+
+<listitem><para>February 10th, 2007 [Robert]: Replaced modult-init-tools with modutils.</para></listitem>
+
 <listitem><para>February 9th, 2007 [Robert]: Added description for the Ncurses test suite.</para></listitem>
 
 <listitem><para>February 9th, 2007 [Robert]: Added hardened-specs.h to gcc-pass2.</para></listitem>

Modified: branches/2.4-branch/BOOK/chapter04/packages.xml
===================================================================
--- branches/2.4-branch/BOOK/chapter04/packages.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/chapter04/packages.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -431,11 +431,11 @@
     </varlistentry>
 
     <varlistentry>
-      <term>Module-Init-Tools (&module-init-tools-version;) - 172 KB:</term>
+      <term>Modutils (&modutils-version;) - 232 KB:</term>
       <listitem>
         <para>Download: <ulink
-        url="&kernel;linux/utils/kernel/module-init-tools/module-init-tools-&module-init-tools-version;.tar.bz2"/></para>
-        <para>MD5 sum: <literal>&module-init-tools-md5;</literal></para>
+        url="&kernel;linux/utils/kernel/modutils/v2.4/modutils-&modutils-version;.tar.bz2"/></para>
+        <para>MD5 sum: <literal>&modutils-md5;</literal></para>
       </listitem>
     </varlistentry>
 

Modified: branches/2.4-branch/BOOK/chapter04/patches.xml
===================================================================
--- branches/2.4-branch/BOOK/chapter04/patches.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/chapter04/patches.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -258,6 +258,7 @@
       </listitem>
     </varlistentry>
 
+<!--
     <varlistentry>
       <term>Module-Init-Tools No Static Patch - &module-init-tools-nostatic-patch-size;:</term>
       <listitem>
@@ -265,6 +266,7 @@
         <para>MD5 sum: <literal>&module-init-tools-nostatic-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
+-->
 
     <varlistentry>
       <term>OpenSSL Fix Man Pages Patch - &openssl-fix_manpages-patch-size;:</term>

Modified: branches/2.4-branch/BOOK/chapter06/chapter06.xml
===================================================================
--- branches/2.4-branch/BOOK/chapter06/chapter06.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/chapter06/chapter06.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -59,7 +59,7 @@
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="hotplug.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="man.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="make.xml"/>
-<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="module-init-tools.xml"/>
+<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="modutils.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="patch.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="procps.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="psmisc.xml"/>

Deleted: branches/2.4-branch/BOOK/chapter06/module-init-tools.xml
===================================================================
--- branches/2.4-branch/BOOK/chapter06/module-init-tools.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/chapter06/module-init-tools.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -1,171 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
-  <!ENTITY % general-entities SYSTEM "../general.ent">
-  %general-entities;
-]>
-<sect1 id="ch-system-module-init-tools" role="wrap">
-<title>Module-Init-Tools-&module-init-tools-version;</title>
-<?dbhtml filename="module-init-tools.html"?>
-
-<indexterm zone="ch-system-module-init-tools"><primary sortas="a-Module-Init-Tools">Module-Init-Tools</primary></indexterm>
-
-<sect2 role="package"><title/>
-<para>The Module-Init-Tools package contains programs for handling kernel
-modules in Linux kernels greater than or equal to version 2.5.47.</para>
-
-<segmentedlist>
-<segtitle>&buildtime;</segtitle>
-<segtitle>&diskspace;</segtitle>
-<seglistitem><seg>?? SBU</seg><seg>?? KB</seg></seglistitem>
-</segmentedlist>
-
-<segmentedlist>
-<segtitle>&dependencies;</segtitle>
-<seglistitem><seg>Bash, Binutils, Bison,
-Coreutils, Diffutils, Flex, GCC, Glibc, Grep, M4, Make, and Sed</seg></seglistitem>
-</segmentedlist>
-</sect2>
-
-<sect2 role="installation">
-<title>Installation of Module-Init-Tools</title>
-
-<para>This patch removes <command>insmod.static</command>, it is not needed
-on modern Linux systems:</para>
-
-<screen><userinput>patch -Np1 -i ../&module-init-tools-nostatic-patch;</userinput></screen>
-
-<para>The testsuite for Module-init-utils rewrites the Makefile and resets the install
-prefix. If you wish to run the testsuite, then it must be run first:</para>
-
-<screen><userinput>./configure
-make check</userinput></screen>
-
-<para>Then clean the source tree:</para>
-
-<screen><userinput>make distclean</userinput></screen>
-
-<para>Prepare Module-Init-Tools for compilation:</para>
-
-<screen><userinput>./configure --prefix=/ --enable-zlib</userinput></screen>
-
-<para>Compile the package:</para>
-
-<screen><userinput>make</userinput></screen>
-
-<para>Install the package:</para>
-
-<screen><userinput>make install</userinput></screen>
-
-</sect2>
-
-<sect2 id="contents-module-init-tools" role="content"><title>Contents of Module-Init-Tools</title>
-
-<segmentedlist>
-<segtitle>Installed programs</segtitle>
-<seglistitem><seg>depmod, genksyms, insmod,
-insmod_ksymoops_clean, kallsyms (link to insmod), kernelversion, ksyms
-(link to insmod), lsmod (link to insmod), modinfo, modprobe (link to
-insmod), and rmmod (link to insmod)</seg></seglistitem>
-</segmentedlist>
-
-<variablelist><bridgehead renderas="sect3">Short Descriptions</bridgehead>
-<?dbfo list-presentation="list"?>
-<?dbhtml list-presentation="table"?>
-
-<varlistentry id="depmod">
-<term><command>depmod</command></term>
-<listitem>
-<para>Creates a dependency file based on the symbols it finds in the
-existing set of modules; this dependency file is used by <command>modprobe</command> to
-automatically load the required modules</para>
-<indexterm zone="ch-system-module-init-tools depmod"><primary sortas="b-depmod">depmod</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="genksyms">
-<term><command>genksyms</command></term>
-<listitem>
-<para>Generates symbol version information</para>
-<indexterm zone="ch-system-module-init-tools genksyms"><primary sortas="b-genksyms">genksyms</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="insmod">
-<term><command>insmod</command></term>
-<listitem>
-<para>Installs a loadable module in the running kernel</para>
-<indexterm zone="ch-system-module-init-tools insmod"><primary sortas="b-insmod">insmod</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="insmod_ksymoops_clean">
-<term><command>insmod_ksymoops_clean</command></term>
-<listitem>
-<para>Deletes saved ksyms and modules not accessed for two days</para>
-<indexterm zone="ch-system-module-init-tools insmod_ksymoops_clean"><primary sortas="b-insmod_ksymoops_clean">insmod_ksymoops_clean</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="kallsyms">
-<term><command>kallsyms</command></term>
-<listitem>
-<para>Extracts all kernel symbols for debugging</para>
-<indexterm zone="ch-system-module-init-tools kallsyms"><primary sortas="b-kallsyms">kallsyms</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="kernelversion">
-<term><command>kernelversion</command></term>
-<listitem>
-<para>Reports the major version of the running kernel</para>
-<indexterm zone="ch-system-module-init-tools kernelversion"><primary sortas="b-kernelversion">kernelversion</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="ksyms">
-<term><command>ksyms</command></term>
-<listitem>
-<para>Displays exported kernel symbols</para>
-<indexterm zone="ch-system-module-init-tools ksyms"><primary sortas="b-ksyms">ksyms</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="lsmod">
-<term><command>lsmod</command></term>
-<listitem>
-<para>Lists currently loaded modules</para>
-<indexterm zone="ch-system-module-init-tools lsmod"><primary sortas="b-lsmod">lsmod</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="modinfo">
-<term><command>modinfo</command></term>
-<listitem>
-<para>Examines an object file associated with a kernel module and
-displays any information that it can glean</para>
-<indexterm zone="ch-system-module-init-tools modinfo"><primary sortas="b-modinfo">modinfo</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="modprobe">
-<term><command>modprobe</command></term>
-<listitem>
-<para>Uses a dependency file, created by
-<command>depmod</command>, to automatically load relevant modules</para>
-<indexterm zone="ch-system-module-init-tools modprobe"><primary sortas="b-modprobe">modprobe</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="rmmod">
-<term><command>rmmod</command></term>
-<listitem>
-<para>Unloads modules from the running kernel</para>
-<indexterm zone="ch-system-module-init-tools rmmod"><primary sortas="b-rmmod">rmmod</primary></indexterm>
-</listitem>
-</varlistentry>
-</variablelist>
-
-</sect2>
-
-</sect1>
-

Copied: branches/2.4-branch/BOOK/chapter06/modutils.xml (from rev 958, branches/2.4-branch/BOOK/chapter06/module-init-tools.xml)
===================================================================
--- branches/2.4-branch/BOOK/chapter06/modutils.xml	                        (rev 0)
+++ branches/2.4-branch/BOOK/chapter06/modutils.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../general.ent">
+  %general-entities;
+]>
+<sect1 id="ch-system-modutils" role="wrap">
+<title>Modutils-&modutils-version;</title>
+<?dbhtml filename="modutils.html"?>
+
+<indexterm zone="ch-system-modutils"><primary sortas="a-Modutils">Modutils</primary></indexterm>
+
+<sect2 role="package"><title/>
+<para>The Modutils package contains programs for handling kernel
+modules in Linux kernels.</para>
+
+<segmentedlist>
+<segtitle>&buildtime;</segtitle>
+<segtitle>&diskspace;</segtitle>
+<seglistitem><seg>?? SBU</seg><seg>?? KB</seg></seglistitem>
+</segmentedlist>
+
+<segmentedlist>
+<segtitle>&dependencies;</segtitle>
+<seglistitem><seg>Bash, Binutils, Bison,
+Coreutils, Diffutils, Flex, GCC, Glibc, Grep, M4, Make, and Sed</seg></seglistitem>
+</segmentedlist>
+</sect2>
+
+<sect2 role="installation">
+<title>Installation of Modutils</title>
+
+    <para>Prepare Modutils for compilation:</para>
+
+<screen><userinput>./configure --disable-insmod-static</userinput></screen>
+
+    <para>Compile the package:</para>
+
+<screen><userinput>make</userinput></screen>
+
+    <para>Install the package:</para>
+
+<screen><userinput>make install</userinput></screen>
+
+</sect2>
+
+<sect2 id="contents-modutils" role="content"><title>Contents of Modutils</title>
+
+<segmentedlist>
+<segtitle>Installed programs</segtitle>
+<seglistitem><seg>depmod, genksyms, insmod,
+insmod_ksymoops_clean, kallsyms (link to insmod), kernelversion, ksyms
+(link to insmod), lsmod (link to insmod), modinfo, modprobe (link to
+insmod), and rmmod (link to insmod)</seg></seglistitem>
+</segmentedlist>
+
+<variablelist><bridgehead renderas="sect3">Short Descriptions</bridgehead>
+<?dbfo list-presentation="list"?>
+<?dbhtml list-presentation="table"?>
+
+<varlistentry id="depmod">
+<term><command>depmod</command></term>
+<listitem>
+<para>Creates a dependency file based on the symbols it finds in the
+existing set of modules; this dependency file is used by <command>modprobe</command> to
+automatically load the required modules</para>
+<indexterm zone="ch-system-modutils depmod"><primary sortas="b-depmod">depmod</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="genksyms">
+<term><command>genksyms</command></term>
+<listitem>
+<para>Generates symbol version information</para>
+<indexterm zone="ch-system-modutils genksyms"><primary sortas="b-genksyms">genksyms</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="insmod">
+<term><command>insmod</command></term>
+<listitem>
+<para>Installs a loadable module in the running kernel</para>
+<indexterm zone="ch-system-modutils insmod"><primary sortas="b-insmod">insmod</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="insmod_ksymoops_clean">
+<term><command>insmod_ksymoops_clean</command></term>
+<listitem>
+<para>Deletes saved ksyms and modules not accessed for two days</para>
+<indexterm zone="ch-system-modutils insmod_ksymoops_clean"><primary sortas="b-insmod_ksymoops_clean">insmod_ksymoops_clean</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="kallsyms">
+<term><command>kallsyms</command></term>
+<listitem>
+<para>Extracts all kernel symbols for debugging</para>
+<indexterm zone="ch-system-modutils kallsyms"><primary sortas="b-kallsyms">kallsyms</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="kernelversion">
+<term><command>kernelversion</command></term>
+<listitem>
+<para>Reports the major version of the running kernel</para>
+<indexterm zone="ch-system-modutils kernelversion"><primary sortas="b-kernelversion">kernelversion</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="ksyms">
+<term><command>ksyms</command></term>
+<listitem>
+<para>Displays exported kernel symbols</para>
+<indexterm zone="ch-system-modutils ksyms"><primary sortas="b-ksyms">ksyms</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="lsmod">
+<term><command>lsmod</command></term>
+<listitem>
+<para>Lists currently loaded modules</para>
+<indexterm zone="ch-system-modutils lsmod"><primary sortas="b-lsmod">lsmod</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="modinfo">
+<term><command>modinfo</command></term>
+<listitem>
+<para>Examines an object file associated with a kernel module and
+displays any information that it can glean</para>
+<indexterm zone="ch-system-modutils modinfo"><primary sortas="b-modinfo">modinfo</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="modprobe">
+<term><command>modprobe</command></term>
+<listitem>
+<para>Uses a dependency file, created by
+<command>depmod</command>, to automatically load relevant modules</para>
+<indexterm zone="ch-system-modutils modprobe"><primary sortas="b-modprobe">modprobe</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="rmmod">
+<term><command>rmmod</command></term>
+<listitem>
+<para>Unloads modules from the running kernel</para>
+<indexterm zone="ch-system-modutils rmmod"><primary sortas="b-rmmod">rmmod</primary></indexterm>
+</listitem>
+</varlistentry>
+</variablelist>
+
+</sect2>
+
+</sect1>
+

Modified: branches/2.4-branch/BOOK/chapter06/openssl.xml
===================================================================
--- branches/2.4-branch/BOOK/chapter06/openssl.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/chapter06/openssl.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -40,9 +40,13 @@
 
 <screen><userinput>patch -Np1 -i ../&openssl-fix_manpages-patch;</userinput></screen>
 
-    <para>Prepare OpenSSL for compilation:</para>
+    <para>You may wish to add extra <option>-D</option> definitions, such as NO_IDEA,
+    NO_RC4, and NO_RC2 to disable weak alogorithms, REF_CHECK to add assertions,
+    CRYPTO_MDEBUG and MFUNC to add extra memory checking code. Prepare OpenSSL for
+    compilation:</para>
 
-<screen><userinput>./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic</userinput></screen>
+<screen><userinput>./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic \
+    -DSSL_FORBID_ENULL</userinput></screen>
 
     <variablelist>
       <title>The meaning of the configure options:</title>
@@ -72,6 +76,14 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><parameter>-DSSL_FORBID_ENULL</parameter></term>
+        <listitem>
+          <para>This option will forbid the use of the NULL encryption
+          cipher.</para>
+        </listitem>
+      </varlistentry>
+
     </variablelist>
 
     <para>Compile the package:</para>

Modified: branches/2.4-branch/BOOK/packages.ent
===================================================================
--- branches/2.4-branch/BOOK/packages.ent	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/packages.ent	2007-02-10 20:09:27 UTC (rev 975)
@@ -120,8 +120,8 @@
 <!ENTITY mktemp-version "1.5">
 <!ENTITY mktemp-md5 "9a35c59502a228c6ce2be025fc6e3ff2">
 
-<!ENTITY module-init-tools-version "3.2.2">
-<!ENTITY module-init-tools-md5 "a1ad0a09d3231673f70d631f3f5040e9">
+<!ENTITY modutils-version "2.4.27">
+<!ENTITY modutils-md5 "bac989c74ed10f3bf86177fc5b4b89b6">
 
 <!ENTITY ncurses-version "5.6">
 <!ENTITY ncurses-md5 "b6593abe1089d6aab1551c105c9300e3">

Modified: branches/2.4-branch/BOOK/patches.ent
===================================================================
--- branches/2.4-branch/BOOK/patches.ent	2007-02-09 20:07:41 UTC (rev 974)
+++ branches/2.4-branch/BOOK/patches.ent	2007-02-10 20:09:27 UTC (rev 975)
@@ -126,9 +126,11 @@
 <!ENTITY mktemp-add_tempfile-patch-md5 "65d73faabe3f637ad79853b460d30a19">
 <!ENTITY mktemp-add_tempfile-patch-size "3.5 KB">
 
+<!--
 <!ENTITY module-init-tools-nostatic-patch "module-init-tools-&module-init-tools-version;-nostatic-1.patch">
 <!ENTITY module-init-tools-nostatic-patch-md5 "0d21b73f57ff249d486b936b6fba15da">
 <!ENTITY module-init-tools-nostatic-patch-size "4.5 KB">
+-->
 
 <!ENTITY openssl-fix_manpages-patch "openssl-&openssl-version;-fix_manpages-1.patch">
 <!ENTITY openssl-fix_manpages-patch-md5 "c4cf66cc2f3ea463be12e53267617aef">

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ trunk/BOOK/chapter01/changelog.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -112,6 +112,9 @@
 </listitem>
 -->
 
+<listitem><para>February 10th, 2007 [Robert]: Added -DSSL_FORBID_ENULL to OpenSSL to disable NULL
+ciphers, and notes about additional -D defines.</para></listitem>
+
 <listitem><para>February 9th, 2007 [Robert]: Added description for the Ncurses test suite.</para></listitem>
 
 <listitem><para>February 7th, 2007 [Robert]: Added a config.site in /tools for uClibc builds.</para></listitem>

Modified: trunk/BOOK/chapter06/openssl.xml
===================================================================
--- trunk/BOOK/chapter06/openssl.xml	2007-02-09 20:07:41 UTC (rev 974)
+++ trunk/BOOK/chapter06/openssl.xml	2007-02-10 20:09:27 UTC (rev 975)
@@ -40,9 +40,13 @@
 
 <screen><userinput>patch -Np1 -i ../&openssl-fix_manpages-patch;</userinput></screen>
 
-    <para>Prepare OpenSSL for compilation:</para>
+    <para>You may wish to add extra <option>-D</option> definitions, such as NO_IDEA,
+    NO_RC4, and NO_RC2 to disable weak alogorithms, REF_CHECK to add assertions,
+    CRYPTO_MDEBUG and MFUNC to add extra memory checking code. Prepare OpenSSL for
+    compilation:</para>
 
-<screen><userinput>./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic</userinput></screen>
+<screen><userinput>./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic \
+    -DSSL_FORBID_ENULL</userinput></screen>
 
     <variablelist>
       <title>The meaning of the configure options:</title>
@@ -72,6 +76,14 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><parameter>-DSSL_FORBID_ENULL</parameter></term>
+        <listitem>
+          <para>This option will forbid the use of the NULL encryption
+          cipher.</para>
+        </listitem>
+      </varlistentry>
+
     </variablelist>
 
     <para>Compile the package:</para>




More information about the hlfs-book mailing list