Difference between revisions of "OpenSSL"
(Makes more sense to have x86 instead of x86_64 with the other 32bit target names like sparc, powerpc...) |
|||
(52 intermediate revisions by 14 users not shown) | |||
Line 2: | Line 2: | ||
|- | |- | ||
!Download Source: | !Download Source: | ||
− | | http://www.openssl.org/source/openssl- | + | | http://www.openssl.org/source/openssl-{{OpenSSL-Version}}.tar.gz |
− | |||
− | |||
− | |||
|- | |- | ||
!Required Patch: | !Required Patch: | ||
− | | http://svn. | + | | http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_manpages-1.patch |
− | |||
− | |||
− | |||
|- | |- | ||
!Required Patch (x86_64 Multilib): | !Required Patch (x86_64 Multilib): | ||
− | | http://svn. | + | | http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch |
|- | |- | ||
!Required Patch (MIPS): | !Required Patch (MIPS): | ||
− | | http://svn. | + | | http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-mips_support-1.patch |
+ | |- | ||
+ | |Optional Patch: | ||
+ | | http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch | ||
|} | |} | ||
---- | ---- | ||
+ | |||
+ | {{Package-Introduction|The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.|http://www.openssl.org/ }} | ||
== Dependencies == | == Dependencies == | ||
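Review bot: Every download row in this table, including the new Optional Patch row, is a plain http:// URL and the table lists no checksum or signature for the tarball or for any of the svn.clfs.org patches, so a builder has nothing to verify the files against before applying and compiling them. Add an expected digest per file (or a pointer to the upstream signature for the tarball) next to each URL. Style point on the same rows: the new row is written as "|Optional Patch:" while the others use the "!" header-cell form, so it will not render like the rest.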
Line 26: | Line 25: | ||
=== Optional === | === Optional === | ||
* [[bc]] (used by the testsuite) | * [[bc]] (used by the testsuite) | ||
+ | * [[CVS]] (used by the certificate bundle script) | ||
+ | |||
+ | {{Note|Kerberos support is currently BROKEN, DO NOT USE}} | ||
+ | |||
+ | {{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error. Apply the parallel build patch: | ||
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch}} | ||
== Non-Multilib == | == Non-Multilib == | ||
+ | |||
+ | {{Note|When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal}} | ||
Compile the package: | Compile the package: | ||
− | patch -Np1 -i ../openssl- | + | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch && |
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | ||
./config --openssldir=/etc/ssl --prefix=/usr shared && | ./config --openssldir=/etc/ssl --prefix=/usr shared && | ||
make MANDIR=/usr/share/man | make MANDIR=/usr/share/man | ||
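Review bot: In the Non-Multilib "Compile the package" block the new line "patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch &&" runs on every architecture, while the download table labels that file "Required Patch (MIPS)". Either say that the patch is safe and intended for all targets, or move it under a MIPS-only step as the Multilib sections do. The parallel-build note is also worth tightening: since it states that a failed install can look successful, give the reader a concrete post-install check (for example that openssl and the libraries exist under /usr) rather than only the patch command.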
Line 38: | Line 46: | ||
make MANDIR=/usr/share/man install && | make MANDIR=/usr/share/man install && | ||
+ | ln -sv ../../etc/ssl /usr/share && | ||
cp -v -r certs /etc/ssl && | cp -v -r certs /etc/ssl && | ||
− | install -v -d -m755 /usr/share/doc/openssl- | + | install -v -d -m755 /usr/share/doc/openssl-{{OpenSSL-Version}} && |
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \ | cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \ | ||
− | /usr/share/doc/openssl- | + | /usr/share/doc/openssl-{{OpenSSL-Version}} |
== Multilib == | == Multilib == | ||
=== 32Bit === | === 32Bit === | ||
+ | |||
+ | Apply Patches: | ||
+ | |||
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch | ||
Configure the Package (Use the appropriate command): | Configure the Package (Use the appropriate command): | ||
− | ==== | + | ==== x86 ==== |
− | patch -Np1 -i ../openssl- | + | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch && |
./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared | ./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared | ||
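Review bot: The added "ln -sv ../../etc/ssl /usr/share &&" sits in the middle of the install chain without -f, so on a rebuild where /usr/share/ssl already exists ln exits non-zero and the "cp -v -r certs /etc/ssl" and documentation steps after it never run. Use "ln -sfv" (or test for the link first) so a reinstall still refreshes the certs directory.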
Line 60: | Line 73: | ||
==== Mips (Little-Endian) ==== | ==== Mips (Little-Endian) ==== | ||
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | ||
./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared | ./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared | ||
==== Mips (Big-Endian) ==== | ==== Mips (Big-Endian) ==== | ||
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | ||
./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared | ./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared | ||
+ | |||
+ | ==== PowerPC ==== | ||
+ | |||
+ | ./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared | ||
Compile the package: | Compile the package: | ||
Line 76: | Line 95: | ||
=== N32 === | === N32 === | ||
− | + | Apply Patches: | |
− | patch -Np1 -i ../openssl- | + | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch && |
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch | ||
Configure the Package (Use the appropriate command): | Configure the Package (Use the appropriate command): | ||
Line 92: | Line 112: | ||
Compile the package: | Compile the package: | ||
− | make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32 | + | USE_ARCH=n32 make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32 |
Install the package: | Install the package: | ||
− | make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install | + | USE_ARCH=n32 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install |
=== 64Bit === | === 64Bit === | ||
− | + | Apply Patches: | |
− | patch -Np1 -i ../openssl- | + | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch |
Configure the Package (Use the appropriate command): | Configure the Package (Use the appropriate command): | ||
Line 116: | Line 136: | ||
==== Mips (Little-Endian) ==== | ==== Mips (Little-Endian) ==== | ||
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | ||
./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared | ./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared | ||
==== Mips (Big-Endian) ==== | ==== Mips (Big-Endian) ==== | ||
+ | patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch && | ||
./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared | ./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared | ||
+ | |||
+ | ==== PowerPC ==== | ||
+ | |||
+ | ./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared | ||
Compile the package: | Compile the package: | ||
Line 128: | Line 154: | ||
Install the package: | Install the package: | ||
− | USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install | + | USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install && |
+ | ln -sv ../../etc/ssl /usr/share && | ||
+ | cp -v -r certs /etc/ssl && | ||
+ | install -v -d -m755 /usr/share/doc/openssl-{{OpenSSL-Version}} && | ||
+ | cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \ | ||
+ | /usr/share/doc/openssl-{{OpenSSL-Version}} | ||
+ | |||
+ | == Configuring == | ||
+ | You can create a ca-bundle with the following script, it is from: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html | ||
− | = | + | cat > mkcabundle.pl << "EOF" |
+ | #!/usr/bin/perl -w | ||
+ | # | ||
+ | # Used to regenerate ca-bundle.crt from the Mozilla certdata.txt. | ||
+ | # Run as ./mkcabundle.pl > ca-bundle.crt | ||
+ | # | ||
+ | |||
+ | my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot'; | ||
+ | my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt'; | ||
+ | |||
+ | open(IN, "cvs -d $cvsroot co -p $certdata|") | ||
+ | || die "could not check out certdata.txt"; | ||
+ | |||
+ | my $incert = 0; | ||
+ | |||
+ | print<<EOH; | ||
+ | # This is a bundle of X.509 certificates of public Certificate | ||
+ | # Authorities. It was generated from the Mozilla root CA list. | ||
+ | # | ||
+ | # Source: $certdata | ||
+ | # | ||
+ | EOH | ||
+ | |||
+ | while (<IN>) { | ||
+ | if (/^CKA_VALUE MULTILINE_OCTAL/) { | ||
+ | $incert = 1; | ||
+ | open(OUT, "|openssl x509 -text -inform DER -fingerprint") | ||
+ | || die "could not pipe to openssl x509"; | ||
+ | } elsif (/^END/ && $incert) { | ||
+ | close(OUT); | ||
+ | $incert = 0; | ||
+ | print "\n\n"; | ||
+ | } elsif ($incert) { | ||
+ | my @bs = split(/\\/); | ||
+ | foreach my $b (@bs) { | ||
+ | chomp $b; | ||
+ | printf(OUT "%c", oct($b)) unless $b eq <nowiki>''</nowiki>; | ||
+ | } | ||
+ | } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) { | ||
+ | print "# Generated from certdata.txt RCS revision $1\n#\n"; | ||
+ | } | ||
+ | } | ||
+ | EOF | ||
− | + | This command requires that you have Perl and [[CVS]] installed: | |
− | + | ./mkcabundle.pl > ca-bundle.crt && | |
+ | install -Dv -m644 ca-bundle.crt /etc/ssl/certs | ||
− | + | = Contents = | |
− | Installed Directories: /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl- | + | {| style="text-align: left;" |
+ | |- | ||
+ | ! Installed Programs: | ||
+ | | c_rehash, openssl | ||
+ | |- | ||
+ | ! Installed Libraries: | ||
+ | | libcrypto.{so,a}, libssl.{so,a} | ||
+ | |- | ||
+ | ! Installed Directories: | ||
+ | | /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-{{OpenSSL-Version}} | ||
+ | |} | ||
=== Short Descriptions === | === Short Descriptions === | ||
− | c_rehash | + | {| style="text-align: left;" |
− | + | |- | |
− | openssl | + | ! c_rehash |
− | + | | is a Perl script that scans all files in a directory and adds symbolic links to their hash values. | |
− | libcrypto.{so,a} | + | |-valign="top" |
+ | ! openssl | ||
+ | | is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. | ||
+ | |- | ||
+ | ! libcrypto.{so,a} | ||
+ | | implements a wide range of cryptographic algorithms used in various Internet standards. | ||
+ | |- | ||
+ | !libssl.{so,a} | ||
+ | | implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols | ||
+ | |} | ||
− | + | [[Category:Security]] |
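Review bot: The loop in mkcabundle.pl matches only /^CKA_VALUE MULTILINE_OCTAL/ and /^END/, so every certificate block in certdata.txt is piped to "openssl x509" and written to ca-bundle.crt; nothing in the script reads the per-certificate trust attributes that certdata.txt records, which means an entry the list marks as not trusted would still be installed as a CA. Pair each certificate with its trust object and emit it only when the server-auth trust value marks it as a trusted delegator. Two smaller points in the same hunk: the input comes from the anonymous pserver in $cvsroot with no integrity check on what is received, and "./mkcabundle.pl > ca-bundle.crt" is run right after the here-document creates the file, with no chmod +x in between.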
Latest revision as of 17:08, 7 April 2017
Download Source: | http://www.openssl.org/source/openssl-1.0.1e.tar.gz |
---|---|
Required Patch: | http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_manpages-1.patch |
Required Patch (x86_64 Multilib): | http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-32bit_x86_64-1.patch |
Required Patch (MIPS): | http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-mips_support-1.patch |
Optional Patch: | http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_parallel_build-1.patch |
Introduction to OpenSSL
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Project Homepage: http://www.openssl.org/
Dependencies
Optional
Non-Multilib
Compile the package:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./config --openssldir=/etc/ssl --prefix=/usr shared &&
make MANDIR=/usr/share/man
Install the package:
make MANDIR=/usr/share/man install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
    /usr/share/doc/openssl-1.0.1e
Multilib
32Bit
Apply Patches:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch
Configure the Package (Use the appropriate command):
x86
patch -Np1 -i ../openssl-1.0.1e-32bit_x86_64-1.patch && ./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared
Sparc
./Configure linux-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared
Mips (Little-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared
Mips (Big-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared
PowerPC
./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
USE_ARCH=32 make CC="gcc ${BUILD32}" PERL=/usr/bin/perl
Install the package:
USE_ARCH=32 make PERL=/usr/bin/perl MANDIR=/usr/share/man install
N32
Apply Patches:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch && patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch
Configure the Package (Use the appropriate command):
Mips (Little-Endian)
./Configure linux-mipsel-n32 --openssldir=/etc/ssl --prefix=/usr shared
Mips (Big-Endian)
./Configure linux-mips-n32 --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
USE_ARCH=n32 make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32
Install the package:
USE_ARCH=n32 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install
64Bit
Apply Patches:
patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch
Configure the Package (Use the appropriate command):
x86_64
./Configure linux-x86_64 --openssldir=/etc/ssl --prefix=/usr shared
Sparc
./Configure linux64-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared
Mips (Little-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared
Mips (Big-Endian)
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch && ./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared
PowerPC
./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
USE_ARCH=64 make CC="gcc ${BUILD64}" PERL=/usr/bin/perl LIBDIR=lib64
Install the package:
USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
    /usr/share/doc/openssl-1.0.1e
Configuring
You can create a ca-bundle with the following script, which is taken from: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
cat > mkcabundle.pl << "EOF"
#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";

my $incert = 0;

print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
#
# Source: $certdata
#
EOH

while (<IN>) {
    if (/^CKA_VALUE MULTILINE_OCTAL/) {
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        close(OUT);
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq '';
        }
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
    }
}
EOF
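This command requires that you have Perl and CVS installed. The script is made executable first, because the here-document creates it without the execute bit:
chmod +x mkcabundle.pl &&
./mkcabundle.pl > ca-bundle.crt &&
install -Dv -m644 ca-bundle.crt /etc/ssl/certs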
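The script above emits every CKA_VALUE block it sees. The following added example (not part of the original page or of the mailing-list script) goes one step further and keeps only certificates whose trust record in certdata.txt allows TLS server authentication. The function names are hypothetical and the sample entries use constructed placeholder bytes, not real certificates.

```python
import base64, hashlib, re, textwrap

def parse_objects(text):
    """Split certdata.txt into objects (dicts of CKA_* attribute -> value)."""
    objs, cur, lines = [], {}, iter(text.splitlines())
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[0].startswith("CKA_"):
            continue  # comments, BEGINDATA, CVS_ID, blank lines
        name, value = parts[0], parts[2] if len(parts) > 2 else ""
        if parts[1] == "MULTILINE_OCTAL":  # \ooo bytes up to a line reading END
            octs = []
            for body in lines:
                if body.strip() == "END":
                    break
                octs += re.findall(r"\\([0-7]{3})", body)
            value = bytes(int(o, 8) for o in octs)
        if name == "CKA_CLASS" and cur:  # CKA_CLASS opens the next object
            objs.append(cur)
            cur = {}
        cur[name] = value
    return objs + [cur] if cur else objs

def trusted_server_roots(text):
    """Return (label, DER) pairs whose trust record permits TLS server auth."""
    objs = parse_objects(text)
    trust = {o["CKA_CERT_SHA1_HASH"]: o.get("CKA_TRUST_SERVER_AUTH", "")
             for o in objs if "CKA_CERT_SHA1_HASH" in o}
    ok = lambda der: trust.get(hashlib.sha1(der).digest(), "").endswith("_TRUSTED_DELEGATOR")
    return [(o["CKA_LABEL"].strip('"'), o["CKA_VALUE"]) for o in objs
            if o.get("CKA_CLASS") == "CKO_CERTIFICATE" and ok(o["CKA_VALUE"])]

def to_pem(der):
    body = textwrap.fill(base64.b64encode(der).decode(), 64)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def sample_entry(label, der, server_auth):
    """Constructed entry; `der` is placeholder bytes, not a real certificate."""
    octal = lambda data: "".join("\\%03o" % b for b in data)
    return (f'CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\nCKA_LABEL UTF8 "{label}"\n'
            f'CKA_VALUE MULTILINE_OCTAL\n{octal(der)}\nEND\n'
            f'CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\nCKA_CERT_SHA1_HASH MULTILINE_OCTAL\n'
            f'{octal(hashlib.sha1(der).digest())}\nEND\nCKA_TRUST_SERVER_AUTH CK_TRUST {server_auth}\n')

# Constructed input: one trusted root and one explicitly distrusted root.
SAMPLE = "BEGINDATA\n" + "".join(sample_entry(*e) for e in [
    ("Example Root A", b"\x30\x03\x02\x01\x01", "CKT_NSS_TRUSTED_DELEGATOR"),
    ("Example Root B", b"\x30\x03\x02\x01\x02", "CKT_NSS_NOT_TRUSTED")])
```

A certificate with no matching trust record is left out, so the filter fails closed; pass each returned DER value through to_pem to build the bundle.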
Contents
Installed Programs: | c_rehash, openssl |
---|---|
Installed Libraries: | libcrypto.{so,a}, libssl.{so,a} |
Installed Directories: | /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-1.0.1e |
Short Descriptions
c_rehash | is a Perl script that scans all files in a directory and adds symbolic links to their hash values. |
---|---|
openssl | is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. |
libcrypto.{so,a} | implements a wide range of cryptographic algorithms used in various Internet standards. |
libssl.{so,a} | implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols |