Difference between revisions of "OpenSSL"

From CBLFS
(Add parallel build fix patch and put note at top.)
(Makes more sense to have x86 instead of x86_64 with the other 32bit target names like sparc, powerpc...)
 
(One intermediate revision by one other user not shown)
Line 5: Line 5:
 
|-
 
|-
 
!Required Patch:
 
!Required Patch:
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_manpages-1.patch
+
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_manpages-1.patch
 
|-
 
|-
 
!Required Patch (x86_64 Multilib):
 
!Required Patch (x86_64 Multilib):
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch
+
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch
 
|-
 
|-
 
!Required Patch (MIPS):
 
!Required Patch (MIPS):
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-mips_support-1.patch
+
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-mips_support-1.patch
 
|-
 
|-
 
|Optional Patch:
 
|Optional Patch:
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch
+
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch
 
|}
 
|}
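
Review bot: the four replacement rows still use plain http:// URLs and the table has no checksum column, so nothing in these lines lets a reader confirm that the file later handed to patch -Np1 is the one the editors published. Add a digest next to each patch URL, or switch the links to https if the new host offers it.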
  
Line 62: Line 62:
 
Configure the Package (Use the appropriate command):
 
Configure the Package (Use the appropriate command):
  
==== x86_64 ====
+
==== x86 ====
  
 
  patch -Np1 -i ../openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch &&
 
  patch -Np1 -i ../openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch &&
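
Review bot: the heading becomes "==== x86 ====" while the command directly under it still applies the 32bit_x86_64 patch, so the section name and the patch name now disagree. A one-line remark under the heading that this is the 32-bit build on an x86_64 multilib host would keep readers from assuming the patch does not apply to them.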

Latest revision as of 17:08, 7 April 2017

Download Source: http://www.openssl.org/source/openssl-1.0.1e.tar.gz
Required Patch: http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_manpages-1.patch
Required Patch (x86_64 Multilib): http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-32bit_x86_64-1.patch
Required Patch (MIPS): http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-mips_support-1.patch
Optional Patch: http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_parallel_build-1.patch

Introduction to OpenSSL

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Project Homepage: http://www.openssl.org/

Dependencies

Optional

  • bc (used by the testsuite)
  • CVS (used by the certificate bundle script)

Note

Kerberos support is currently BROKEN, DO NOT USE

Note

Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error. Apply the parallel build patch: patch -Np1 -i ../openssl-1.0.1e-fix_parallel_build-1.patch

Non-Multilib

Note

When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal.

Compile the package:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./config --openssldir=/etc/ssl --prefix=/usr shared &&
make MANDIR=/usr/share/man

Install the package:

make MANDIR=/usr/share/man install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
    /usr/share/doc/openssl-1.0.1e

Multilib

32Bit

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch 

Configure the Package (Use the appropriate command):

x86

patch -Np1 -i ../openssl-1.0.1e-32bit_x86_64-1.patch &&
./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared

Sparc

./Configure linux-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Little-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared

PowerPC

./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=32 make CC="gcc ${BUILD32}" PERL=/usr/bin/perl

Install the package:

USE_ARCH=32 make PERL=/usr/bin/perl MANDIR=/usr/share/man install

N32

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch

Configure the Package (Use the appropriate command):

Mips (Little-Endian)

./Configure linux-mipsel-n32 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

./Configure linux-mips-n32 --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=n32 make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32

Install the package:

USE_ARCH=n32 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install

64Bit

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch 

Configure the Package (Use the appropriate command):

x86_64

./Configure linux-x86_64 --openssldir=/etc/ssl --prefix=/usr shared

Sparc

./Configure linux64-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Little-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared

PowerPC

./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=64 make CC="gcc ${BUILD64}" PERL=/usr/bin/perl LIBDIR=lib64

Install the package:

USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
    /usr/share/doc/openssl-1.0.1e
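
The parallel-build note above warns that the install step can fail without stopping. The following is an added example (Python, not part of CBLFS) that checks an installed tree against the files listed under Contents and, for multilib, that each LIBDIR holds shared libraries of the expected ELF class. It assumes the `--prefix=/usr` and `--openssldir=/etc/ssl` used on this page; the lib/lib64 layout in the last lines is an assumed x86_64 multilib layout, and `make_fake_tree` only builds a constructed test tree.

```python
import os, sys

def elf_bits(path):
    """Return 32 or 64 from e_ident[EI_CLASS], or None if the file is not ELF."""
    with open(path, "rb") as f:
        ident = f.read(5)
    if len(ident) < 5 or ident[:4] != b"\x7fELF":
        return None
    return {1: 32, 2: 64}.get(ident[4])           # ELFCLASS32 = 1, ELFCLASS64 = 2

def check_install(root, libdirs):
    """libdirs maps each LIBDIR to the word size its libraries must have,
    e.g. {"lib": 32, "lib64": 64}. Returns a list of problems (empty = OK)."""
    problems = []
    for rel in ("usr/bin/openssl", "usr/bin/c_rehash", "etc/ssl"):
        if not os.path.exists(os.path.join(root, rel)):
            problems.append(f"missing: /{rel}")
    for libdir, bits in sorted(libdirs.items()):
        for name in ("libcrypto.so", "libcrypto.a", "libssl.so", "libssl.a"):
            rel = f"usr/{libdir}/{name}"
            path = os.path.join(root, rel)
            if not os.path.exists(path):
                problems.append(f"missing: /{rel}")
            elif name.endswith(".so") and elf_bits(path) != bits:
                problems.append(f"wrong ABI: /{rel} is not {bits}-bit ELF")
    return problems

def make_fake_tree(root, libdirs):
    """Constructed stand-in for an installed tree, only to exercise the check."""
    os.makedirs(os.path.join(root, "etc/ssl"))
    os.makedirs(os.path.join(root, "usr/bin"))
    for prog in ("openssl", "c_rehash"):
        open(os.path.join(root, "usr/bin", prog), "wb").close()
    for libdir, bits in libdirs.items():
        os.makedirs(os.path.join(root, "usr", libdir))
        for lib in ("libcrypto", "libssl"):
            open(os.path.join(root, "usr", libdir, lib + ".a"), "wb").close()
            with open(os.path.join(root, "usr", libdir, lib + ".so"), "wb") as f:
                f.write(b"\x7fELF" + bytes([1 if bits == 32 else 2]))

if __name__ == "__main__":
    # Assumed layout: x86_64 multilib with 32-bit libraries in lib, 64-bit in lib64.
    found = check_install(sys.argv[1] if len(sys.argv) > 1 else "/", {"lib": 32, "lib64": 64})
    print("\n".join(found) or "OpenSSL install looks complete")
    sys.exit(1 if found else 0)
```
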

Configuring

You can create a CA bundle with the following script, taken from http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html:

cat > mkcabundle.pl << "EOF"
#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";

my $incert = 0;

print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
#
# Source: $certdata
#
EOH

while (<IN>) {
    if (/^CKA_VALUE MULTILINE_OCTAL/) {
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        close(OUT);
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq '';
        }
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
    }
}
EOF

This command requires that you have Perl and CVS installed:

chmod -v 755 mkcabundle.pl &&
./mkcabundle.pl > ca-bundle.crt &&
install -Dv -m644 ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
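
mkcabundle.pl above writes out every CKA_VALUE block and never reads the separate trust objects in certdata.txt, so entries that the list marks as not trusted land in the bundle as well. The following is an added example (Python, not part of the original script or of CBLFS) that parses the same format and keeps only certificates whose trust object grants TLS server authentication, matching the two by SHA-1 of the DER bytes. The sample entries are constructed placeholders, not real certificates, and the suffix match on the trust constants is there to accept both the NSS and the older NETSCAPE spellings.

```python
import hashlib, re, ssl

def parse_objects(text):
    """Split certdata.txt text into objects, each a dict of attribute -> value."""
    objects, cur, multi = [], {}, None
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if multi is not None:                     # inside MULTILINE_OCTAL ... END
            if parts == ["END"]:
                cur[multi[0]] = bytes(multi[1])
                multi = None
            else:
                multi[1].extend(int(o, 8) for o in re.findall(r"\\([0-7]{3})", line))
        elif len(parts) >= 2 and parts[0].startswith("CKA_"):
            if parts[0] == "CKA_CLASS":           # every object starts with its class
                cur = {}
                objects.append(cur)
            if parts[1] == "MULTILINE_OCTAL":
                multi = (parts[0], bytearray())
            else:
                cur[parts[0]] = parts[2] if len(parts) > 2 else ""
    return objects

def trusted_server_roots(text):
    """Return [(label, DER)] for roots whose trust object allows TLS server auth."""
    objs = parse_objects(text)
    trusted = {o.get("CKA_CERT_SHA1_HASH") for o in objs
               if o["CKA_CLASS"].endswith("_TRUST")
               and o.get("CKA_TRUST_SERVER_AUTH", "").endswith("_TRUSTED_DELEGATOR")}
    return [(o.get("CKA_LABEL", "").strip('"'), o["CKA_VALUE"]) for o in objs
            if o["CKA_CLASS"] == "CKO_CERTIFICATE" and "CKA_VALUE" in o
            and hashlib.sha1(o["CKA_VALUE"]).digest() in trusted]

def make_bundle(text):  # PEM bundle, each certificate preceded by its label
    return "".join(f"# {label}\n{ssl.DER_cert_to_PEM_cert(der)}\n"
                   for label, der in trusted_server_roots(text))

def sample_entry(label, der, trust):  # constructed entry; der is placeholder bytes
    octal = lambda data: "".join("\\%03o" % b for b in data)
    return (f'CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\nCKA_LABEL UTF8 "{label}"\n'
            f"CKA_VALUE MULTILINE_OCTAL\n{octal(der)}\nEND\n\n"
            f'CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\nCKA_LABEL UTF8 "{label}"\n'
            f"CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n{octal(hashlib.sha1(der).digest())}\nEND\n"
            f"CKA_TRUST_SERVER_AUTH CK_TRUST {trust}\n\n")

SAMPLE = (sample_entry("Example Trusted Root", b"\x30\x82\x00\x01A", "CKT_NSS_TRUSTED_DELEGATOR")
          + sample_entry("Example Distrusted Root", b"\x30\x82\x00\x02B", "CKT_NSS_NOT_TRUSTED"))

if __name__ == "__main__":
    print(make_bundle(SAMPLE), end="")
```
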

Contents

Installed Programs: c_rehash, openssl
Installed Libraries: libcrypto.{so,a}, libssl.{so,a}
Installed Directories: /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-1.0.1e

Short Descriptions

c_rehash is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
openssl is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell.
libcrypto.{so,a} implements a wide range of cryptographic algorithms used in various Internet standards.
libssl.{so,a} implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.