Difference between revisions of "OpenSSL"

From CBLFS
Jump to navigationJump to search
(Add optional requirement for the certificate bundle)
(Add parallel build fix patch and put note at top.)
Line 12: Line 12:
 
!Required Patch (MIPS):
 
!Required Patch (MIPS):
 
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-mips_support-1.patch
 
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-mips_support-1.patch
 +
|-
 +
|Optional Patch:
 +
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch
 
|}
 
|}
  
Line 25: Line 28:
  
 
{{Note|Kerberos support is currently BROKEN, DO NOT USE}}
 
{{Note|Kerberos support is currently BROKEN, DO NOT USE}}
 +
 +
{{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error. Apply the parallel build patch:
 +
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch}}
  
 
== Non-Multilib ==
 
== Non-Multilib ==
  
 
{{Note|When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal}}
 
{{Note|When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal}}
 
{{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error.}}
 
  
 
Compile the package:
 
Compile the package:
Line 49: Line 53:
  
 
== Multilib ==
 
== Multilib ==
 
{{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error.}}
 
  
 
=== 32Bit ===
 
=== 32Bit ===

Revision as of 09:50, 9 October 2013

Download Source: http://www.openssl.org/source/openssl-1.0.1e.tar.gz
Required Patch: http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_manpages-1.patch
Required Patch (x86_64 Multilib): http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-32bit_x86_64-1.patch
Required Patch (MIPS): http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-mips_support-1.patch
Optional Patch: http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_parallel_build-1.patch

Introduction to OpenSSL

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Project Homepage: http://www.openssl.org/

Dependencies

Optional

  • bc (used by the testsuite)
  • CVS (used by the certificate bundle script)
Caution.png

Note

Kerberos support is currently BROKEN, DO NOT USE
Caution.png

Note

Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error. Apply the parallel build patch: patch -Np1 -i ../openssl-1.0.1e-fix_parallel_build-1.patch

Non-Multilib

Caution.png

Note

When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal

Compile the package:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./config --openssldir=/etc/ssl --prefix=/usr shared &&
make MANDIR=/usr/share/man

Install the package

make MANDIR=/usr/share/man install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
    /usr/share/doc/openssl-1.0.1e

Multilib

32Bit

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch 

Configure the Package (Use the appropriate command):

x86_64

patch -Np1 -i ../openssl-1.0.1e-32bit_x86_64-1.patch &&
./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared

Sparc

./Configure linux-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Little-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared

PowerPC

./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=32 make CC="gcc ${BUILD32}" PERL=/usr/bin/perl

Install the package:

USE_ARCH=32 make PERL=/usr/bin/perl MANDIR=/usr/share/man install

N32

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch

Configure the Package (Use the appropriate command):

Mips (Little-Endian)

./Configure linux-mipsel-n32 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

./Configure linux-mips-n32 --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=n32 make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32

Install the package:

USE_ARCH=n32 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install

64Bit

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch 

Configure the Package (Use the appropriate command):

x86_64

./Configure linux-x86_64 --openssldir=/etc/ssl --prefix=/usr shared

Sparc

./Configure linux64-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Little-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared

PowerPC

./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=64 make CC="gcc ${BUILD64}" PERL=/usr/bin/perl LIBDIR=lib64

Install the package:

USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
    /usr/share/doc/openssl-1.0.1e

Configuring

You can create a ca-bundle with the following script, it is from: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html

cat > mkcabundle.pl << "EOF"
#!/usr/bin/perl -w                                                                                                          
#                                                                                                                           
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.                                                           
# Run as ./mkcabundle.pl > ca-bundle.crt                                                                                    
#                                                                                                                           

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";

my $incert = 0;

print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
#
# Source: $certdata
#
EOH

while (<IN>) {
    if (/^CKA_VALUE MULTILINE_OCTAL/) {
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        close(OUT);
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq '';
        }
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
    }
}
EOF

This command requires that you have Perl and CVS installed:

./mkcabundle.pl > ca-bundle.crt &&
install -Dv -m644 ca-bundle.crt /etc/ssl/certs

Contents

Installed Programs: c_rehash, openssl
Installed Libraries: libcrypto.{so,a}, libssl.{so,a}
Installed Directories: /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-1.0.1e

Short Descriptions

c_rehash is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
openssl is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell.
libcrypto.{so,a} implements a wide range of cryptographic algorithms used in various Internet standards.
libssl.{so,a} implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols
Retrieved from "?title=OpenSSL&oldid=21567"