Difference between revisions of "OpenSSL"
(→Configuring) |
|||
Line 6: | Line 6: | ||
!Required Patch: | !Required Patch: | ||
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_manpages-1.patch | | http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_manpages-1.patch | ||
− | |||
− | |||
− | |||
|- | |- | ||
!Required Patch (Multilib): | !Required Patch (Multilib): | ||
Line 36: | Line 33: | ||
{{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error.}} | {{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error.}} | ||
− | |||
− | |||
Compile the package: | Compile the package: | ||
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch && | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch && | ||
− | |||
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | ||
./config --openssldir=/etc/ssl --prefix=/usr shared && | ./config --openssldir=/etc/ssl --prefix=/usr shared && | ||
Line 59: | Line 53: | ||
{{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error.}} | {{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error.}} | ||
− | |||
− | |||
=== 32Bit === | === 32Bit === | ||
Line 66: | Line 58: | ||
Apply Patches: | Apply Patches: | ||
− | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages | + | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch |
− | |||
Configure the Package (Use the appropriate command): | Configure the Package (Use the appropriate command): | ||
Line 107: | Line 98: | ||
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch && | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch && | ||
− | |||
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch | ||
Line 136: | Line 126: | ||
Apply Patches: | Apply Patches: | ||
− | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages | + | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch |
− | |||
This patch allows OpenSSL to be installed into a dir other than lib: | This patch allows OpenSSL to be installed into a dir other than lib: |
Revision as of 14:24, 5 December 2010
Download Source: | http://www.openssl.org/source/openssl-1.0.1e.tar.gz |
---|---|
Required Patch: | http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_manpages-1.patch |
Required Patch (Multilib): | http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-allow_lib64-1.patch |
Required Patch (x86_64 Multilib): | http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-32bit_x86_64-1.patch |
Required Patch (MIPS): | http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-mips_support-1.patch |
Contents
Introduction to OpenSSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Project Homepage: http://www.openssl.org/
Dependencies
Optional
- bc (used by the testsuite)
Non-Multilib
Compile the package:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch && patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./config --openssldir=/etc/ssl --prefix=/usr shared && make MANDIR=/usr/share/man
Install the package
make MANDIR=/usr/share/man install && ln -sv ../../etc/ssl /usr/share && cp -v -r certs /etc/ssl && install -v -d -m755 /usr/share/doc/openssl-1.0.1e && cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \ /usr/share/doc/openssl-1.0.1e
Multilib
32Bit
Apply Patches:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch
Configure the Package (Use the appropriate command):
x86_64
patch -Np1 -i ../openssl-1.0.1e-32bit_x86_64-1.patch && ./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared
Sparc
./Configure linux-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared
Mips (Little-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared
Mips (Big-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared
PowerPC
./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
USE_ARCH=32 make CC="gcc ${BUILD32}" PERL=/usr/bin/perl
Install the package:
USE_ARCH=32 make PERL=/usr/bin/perl MANDIR=/usr/share/man install
N32
Apply Patches:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch && patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch
This patch allows OpenSSL to be installed a dir other than lib.
patch -Np1 -i ../openssl-1.0.1e-allow_lib64-1.patch
Configure the Package (Use the appropriate command):
Mips (Little-Endian)
./Configure linux-mipsel-n32 --openssldir=/etc/ssl --prefix=/usr shared
Mips (Big-Endian)
./Configure linux-mips-n32 --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
USE_ARCH=n32 make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32
Install the package:
USE_ARCH=n32 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install
64Bit
Apply Patches:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch
This patch allows OpenSSL to be installed into a dir other than lib:
patch -Np1 -i ../openssl-1.0.1e-allow_lib64-1.patch
Configure the Package (Use the appropriate command):
x86_64
./Configure linux-x86_64 --openssldir=/etc/ssl --prefix=/usr shared
Sparc
./Configure linux64-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared
Mips (Little-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared
Mips (Big-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared
PowerPC
./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
USE_ARCH=64 make CC="gcc ${BUILD64}" PERL=/usr/bin/perl LIBDIR=lib64
Install the package:
USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install && ln -sv ../../etc/ssl /usr/share && cp -v -r certs /etc/ssl && install -v -d -m755 /usr/share/doc/openssl-1.0.1e && cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \ /usr/share/doc/openssl-1.0.1e
Configuring
You can create a ca-bundle with the following script, it is from: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
cat > mkcabundle.pl << "EOF" #!/usr/bin/perl -w # # Used to regenerate ca-bundle.crt from the Mozilla certdata.txt. # Run as ./mkcabundle.pl > ca-bundle.crt # my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot'; my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt'; open(IN, "cvs -d $cvsroot co -p $certdata|") || die "could not check out certdata.txt"; my $incert = 0; print<<EOH; # This is a bundle of X.509 certificates of public Certificate # Authorities. It was generated from the Mozilla root CA list. # # Source: $certdata # EOH while (<IN>) { if (/^CKA_VALUE MULTILINE_OCTAL/) { $incert = 1; open(OUT, "|openssl x509 -text -inform DER -fingerprint") || die "could not pipe to openssl x509"; } elsif (/^END/ && $incert) { close(OUT); $incert = 0; print "\n\n"; } elsif ($incert) { my @bs = split(/\\/); foreach my $b (@bs) { chomp $b; printf(OUT "%c", oct($b)) unless $b eq ''; } } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) { print "# Generated from certdata.txt RCS revision $1\n#\n"; } } EOF
This command requires that you have Perl and CVS installed:
./mkcabundle.pl > ca-bundle.crt && install -Dv -m644 ca-bundle.crt /etc/ssl/certs
Contents
Installed Programs: | c_rehash, openssl |
---|---|
Installed Libraries: | libcrypto.{so,a}, libssl.{so,a} |
Installed Directories: | /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-1.0.1e |
Short Descriptions
c_rehash | is a Perl script that scans all files in a directory and adds symbolic links to their hash values. |
---|---|
openssl | is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. |
libcrypto.{so,a} | implements a wide range of cryptographic algorithms used in various Internet standards. |
libssl.{so,a} | implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols |