Installation supplements
------------------------

Caution: You need to have fehQlibs installed!

Within the ./src directory you find some conf-* files for your adjustments:

1. Customization
- conf-man (man page target) => /usr/share/man

2. Compilation - files are autogenerated
- conf-cc (don't need to be touched)
- conf-ccperl (no adjustments required) 
- conf-ldperl (no adjustments required)

Note: The current version detects the AMD64 environment
and possible support for dynamically loaded libraries.

3. Installation dependencies & default - autogenerated
- conf-qlibs (the fehQlibs install directory; default: /usr/local/qlibs)
- conf-perl (no adjustments required)
- conf-ssl (default; add path to include alternative or additional OpenSSL header files)
- conf-ssllib (default; the crypto libs to include)

  Note: If you installed OpenSSL 1.1.1b at /usr/local, customizations are included as a sample.

4. Certificate and key file handling -- these are parameters declared for each server and thus may stay empty/untouched.
   Default values MAY be provided as:
- conf-cafile
- conf-ccafile
- conf-certchainfile
- conf-certfile
- conf-ciphers (a current sample is provided, but not active)
- conf-dhfile (you may use the 'dh1024.pem' in ucspi-ssl's ./etc dir)
- conf-keyfile

5. Installation procedure
   Usually, you just install the package with

- package/install

or -- in case the Perl install fails --

- package/install base
(- package/man)

6. Testing
- package/rts -- or --
- package/rts base (if Perl is not installed/working).

  The etc/ directory includes some X.509 certs and key files
  for testing. Have a look at those!
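
  One way to have that look, and to review any file you plan to name in
  conf-certfile or conf-dhfile (section 4), is the script below. It is an
  added example, not part of the ucspi-ssl package. It assumes the openssl
  command-line tool is on PATH; MIN_BITS, the function names and the script
  name are hypothetical.

```shell
#!/bin/sh
# Added example: review PEM files (e.g. in ucspi-ssl's ./etc) before using
# any of them as conf-* defaults. Requires the openssl command-line tool.
# MIN_BITS is an assumed review threshold for RSA and DH, not a ucspi-ssl setting.
MIN_BITS=${MIN_BITS:-2048}

# Print "<kind> <bits>"; kind is cert-rsa, cert-other, dh or skip.
pem_info() {
    if grep -q 'BEGIN CERTIFICATE' "$1"; then
        text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || text=
        case $text in
            *rsaEncryption*) kind=cert-rsa ;;
            *)               kind=cert-other ;;
        esac
    elif grep -q 'BEGIN DH PARAMETERS' "$1"; then
        text=$(openssl dhparam -in "$1" -noout -text 2>/dev/null) || text=
        kind=dh
    else
        echo "skip 0"; return 0
    fi
    # Both commands print the size as "(N bit)" on the first matching line.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    echo "$kind ${bits:-0}"
}

# One line per certificate or DH file; returns 1 if any RSA/DH size is
# below MIN_BITS or any certificate has expired.
audit_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        info=$(pem_info "$f"); kind=${info% *}; bits=${info#* }
        note=
        case $kind in
            skip) continue ;;
            cert-rsa|dh) [ "$bits" -ge "$MIN_BITS" ] || note=" short-key" ;;
        esac
        case $kind in
            cert-*) openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
                        note="$note expired" ;;
        esac
        [ -z "$note" ] || rc=1
        echo "$f: $kind $bits${note:- ok}"
    done
    return $rc
}

# Usage: sh pemcheck.sh etc   (script name is hypothetical)
if [ -n "${1:-}" ]; then audit_dir "$1"; fi
```

  Private key files and anything that is not a certificate or DH parameter
  file are skipped; elliptic-curve certificates are listed but not compared
  against MIN_BITS.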

7. ucspi-tcp dependencies 
   The vanilla ucspi-tcp-0.88 package from Dan Bernstein does not support
   building 'tcprules' with CIDR support. 
   
   Download and install 'ucspi-tcp6' from 
   http://www.fehcom.de/ipnet/ucspi-tcp6.html.

8. Compatibility
   This version has been successfully tested against:

- OpenSSL 1.0.2j, 1.1.0c, 1.1.1b
- LibreSSL 2.5.4, 2.6.0, 2.7.0, 2.9.1 

9. LibreSSL 
   LibreSSL has a different understanding of

- how to work with CIPHER_SUITES and
- how to use the 'libssl' and 'libcrypto'.

  The CIPHER_SUITE API is still that of OpenSSL before 1.1.1.
  libssl and libcrypto are enumerated (e.g. libssl.so.47).
  In case you are building ucspi-ssl based on static libs,
  you need to do the following in the LibreSSL dir:

-  ln -s ssl/.libs/libssl.a .
-  ln -s crypto/.libs/libcrypto.a .

  Verify everything is working by performing the tests:

- package/rts !!

Erwin Hoffmann, October 2019

