From: Darren Tucker <dtucker@dtucker.net>
Date: Mon, 9 Dec 2019 06:23:22 +0000 (+1100)
Subject: Recommend running LibreSSL or OpenSSL self-tests.
X-Git-Tag: V_8_2_P1~220
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b66fa5da25c4b5b67cf9f0ce7af513f5a6a6a686;p=thirdparty%2Fopenssh-portable.git

Recommend running LibreSSL or OpenSSL self-tests.
---

diff --git a/INSTALL b/INSTALL
index 46fc9e98a..5057dc287 100644
--- a/INSTALL
+++ b/INSTALL
@@ -31,6 +31,10 @@ If you must use a non-position-independent libcrypto, then you may need
 to configure OpenSSH --without-pie.  Note that due to a bug in EVP_CipherInit
 OpenSSL 1.1 versions prior to 1.1.0g can't be used.
 
+If you build either from source, running the OpenSSL self-test ("make
+tests") or the LibreSSL equivalent ("make check") and ensuring that all
+tests pass is strongly recommended.
+
 NB. If you operating system supports /dev/random, you should configure
 libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
 direct support of /dev/random, or failing that, either prngd or egd.