Difference between revisions of "OpenSSL"

m (I reformatted the "Contents" section to use tables.)
(Makes more sense to have x86 instead of x86_64 with the other 32bit target names like sparc, powerpc...)
(49 intermediate revisions by 13 users not shown)
Line 2: Line 2:
!Download Source:
!Download Source:
| http://www.openssl.org/source/openssl-0.9.8d.tar.gz
| http://www.openssl.org/source/openssl-{{OpenSSL-Version}}.tar.gz
!Download Source:
| ftp://ftp.openssl.org/source/openssl-0.9.8d.tar.gz
!Required Patch:
!Required Patch:
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-0.9.8d-fix_manpages-1.patch
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_manpages-1.patch
!Required Patch (Multilib):
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-0.9.8d-allow_lib64-1.patch
!Required Patch (x86_64 Multilib):
!Required Patch (x86_64 Multilib):
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-0.9.8d-32bit_x86_64-1.patch
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch
!Required Patch (MIPS):
!Required Patch (MIPS):
| http://svn.cross-lfs.org/svn/repos/patches/openssl/openssl-0.9.8d-mips_support-1.patch
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-mips_support-1.patch
|Optional Patch:
| http://svn.clfs.org/svn/repos/patches/openssl/openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch
== Introduction to OpenSSL ==
{{Package-Introduction|The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.|http://www.openssl.org/ }}
The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptography functions to other packages, notably OpenSSH, email applications and web browsers (for accessing HTTPS sites).
== Dependencies ==
== Dependencies ==
Line 30: Line 25:
=== Optional ===
=== Optional ===
* [[bc]] (used by the testsuite)
* [[bc]] (used by the testsuite)
* [[CVS]] (used by the certificate bundle script)
{{Note|Kerberos support is currently BROKEN, DO NOT USE}}
{{Note|Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error. Apply the parallel build patch:
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_parallel_build-1.patch}}
== Non-Multilib ==
== Non-Multilib ==
{{Note|When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal}}
Compile the package:
Compile the package:
  patch -Np1 -i ../openssl-0.9.8d-fix_manpages-1.patch &&
  patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch &&
  ./config --openssldir=/etc/ssl --prefix=/usr shared &&
  ./config --openssldir=/etc/ssl --prefix=/usr shared &&
  make MANDIR=/usr/share/man
  make MANDIR=/usr/share/man
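Review bot: the Non-Multilib compile commands now apply `openssl-{{OpenSSL-Version}}-mips_support-1.patch` unconditionally in the `&&` chain, although the header table lists it as "Required Patch (MIPS)". Either state that the patch is safe to apply on every architecture or move it into a MIPS-only step, so a non-MIPS build does not depend on a patch the table marks as MIPS-specific. The parallel-build note in the same hunk describes an install that fails without stopping at the error, so a one-line post-install check that the installed files are actually present would make that failure visible.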
Line 42: Line 46:
  make MANDIR=/usr/share/man install &&
  make MANDIR=/usr/share/man install &&
ln -sv ../../etc/ssl /usr/share &&
  cp -v -r certs /etc/ssl &&
  cp -v -r certs /etc/ssl &&
  install -v -d -m755 /usr/share/doc/openssl-0.9.8d &&
  install -v -d -m755 /usr/share/doc/openssl-{{OpenSSL-Version}} &&
  cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
  cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
== Multilib ==
== Multilib ==
=== 32Bit ===
=== 32Bit ===
Apply Patches:
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch
Configure the Package (Use the appropriate command):
Configure the Package (Use the appropriate command):
==== x86_64 ====
==== x86 ====
  patch -Np1 -i ../openssl-0.9.8d-32bit_x86_64-1.patch &&
  patch -Np1 -i ../openssl-{{OpenSSL-Version}}-32bit_x86_64-1.patch &&
  ./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared
  ./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared
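Review bot: the heading changes from "x86_64" to "x86", but the commands beneath it still apply the `32bit_x86_64` patch and configure the `linux-x86_64-32` target. A short sentence saying this is the 32-bit build on an x86_64 multilib host would keep the new heading from being read as instructions for a plain 32-bit x86 system, and would explain why the patch name still says x86_64.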
Line 64: Line 73:
==== Mips (Little-Endian) ====
==== Mips (Little-Endian) ====
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch &&
  ./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared
  ./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared
==== Mips (Big-Endian) ====
==== Mips (Big-Endian) ====
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch &&
  ./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared
  ./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared
==== PowerPC ====
./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
Compile the package:
Line 80: Line 95:
=== N32 ===
=== N32 ===
This patch allows OpenSSL to be installed a dir other then lib.
Apply Patches:
  patch -Np1 -i ../openssl-0.9.8d-allow_lib64-1.patch
  patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch
Configure the Package (Use the appropriate command):
Configure the Package (Use the appropriate command):
Line 104: Line 120:
=== 64Bit ===
=== 64Bit ===
This patch allows OpenSSL to be installed into a dir other then lib:
Apply Patches:
  patch -Np1 -i ../openssl-0.9.8d-allow_lib64-1.patch
  patch -Np1 -i ../openssl-{{OpenSSL-Version}}-fix_manpages-1.patch  
Configure the Package (Use the appropriate command):
Configure the Package (Use the appropriate command):
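Review bot: the `allow_lib64` patch and the sentence explaining it are dropped from the 64Bit section (and from N32 in the previous hunk), yet the install step further down still passes `LIBDIR=lib64`. The change should say why the patch is no longer needed; otherwise a reader cannot tell from the page whether the libraries still end up outside lib without it.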
Line 120: Line 136:
==== Mips (Little-Endian) ====
==== Mips (Little-Endian) ====
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch &&
  ./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared
  ./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared
==== Mips (Big-Endian) ====
==== Mips (Big-Endian) ====
patch -Np1 -i ../openssl-{{OpenSSL-Version}}-mips_support-1.patch &&
  ./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared
  ./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared
==== PowerPC ====
./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared
Compile the package:
Compile the package:
Line 132: Line 154:
Install the package:
Install the package:
  USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install
  USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-{{OpenSSL-Version}} &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
== Configuring ==
You can create a ca-bundle with the following script, it is from: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
cat > mkcabundle.pl << "EOF"
#!/usr/bin/perl -w                                                                                                         
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.                                                         
# Run as ./mkcabundle.pl > ca-bundle.crt                                                                                   
my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";
my $incert = 0;
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# Source: $certdata
while (<IN>) {
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq <nowiki>''</nowiki>;
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
This command requires that you have Perl and [[CVS]] installed:
./mkcabundle.pl > ca-bundle.crt &&
install -Dv -m644 ca-bundle.crt /etc/ssl/certs
= Contents =
= Contents =
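Review bot: the new mkcabundle.pl step checks out certdata.txt over anonymous CVS pserver (`:pserver:anonymous@cvs-mirror.mozilla.org`) and the result is installed straight into /etc/ssl/certs, so the system trust anchors come from a transfer with no integrity check. Suggest comparing the downloaded certdata.txt against a known-good hash, or at least reviewing the generated bundle, before the `install` line. The script also never checks that the checkout produced any data, so `./mkcabundle.pl > ca-bundle.crt &&` can succeed with a bundle that contains only the header comments.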
Line 146: Line 225:
! Installed Directories:
! Installed Directories:
| /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-0.9.8c
| /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-{{OpenSSL-Version}}
Line 155: Line 234:
! c_rehash
! c_rehash
| is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
| is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
! openssl
! openssl
| is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell
| is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell.
! libcrypto.{so,a}
! libcrypto.{so,a}
Line 163: Line 242:
| implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.
| implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols

Latest revision as of 18:08, 7 April 2017

Download Source: http://www.openssl.org/source/openssl-1.0.1e.tar.gz
Required Patch: http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_manpages-1.patch
Required Patch (x86_64 Multilib): http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-32bit_x86_64-1.patch
Required Patch (MIPS): http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-mips_support-1.patch
Optional Patch: http://svn.clfs.org/svn/repos/patches/openssl/openssl-1.0.1e-fix_parallel_build-1.patch

Introduction to OpenSSL

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Project Homepage: http://www.openssl.org/



Dependencies

Optional

  • bc (used by the testsuite)
  • CVS (used by the certificate bundle script)


Kerberos support is currently BROKEN, DO NOT USE


Parallel build (make -j ...) may fail to install openssl but still appear to complete "successfully," without stopping at the error. Apply the parallel build patch:

patch -Np1 -i ../openssl-1.0.1e-fix_parallel_build-1.patch




Non-Multilib

When building on Sparc in Pure 64bit, use the configure command from the multilib section, then proceed as normal.

Compile the package:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./config --openssldir=/etc/ssl --prefix=/usr shared &&
make MANDIR=/usr/share/man

Install the package:

make MANDIR=/usr/share/man install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \



Multilib

32Bit

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch 

Configure the Package (Use the appropriate command):


x86

patch -Np1 -i ../openssl-1.0.1e-32bit_x86_64-1.patch &&
./Configure linux-x86_64-32 --openssldir=/etc/ssl --prefix=/usr shared


./Configure linux-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Little-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mipsel --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips --openssldir=/etc/ssl --prefix=/usr shared


PowerPC

./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=32 make CC="gcc ${BUILD32}" PERL=/usr/bin/perl

Install the package:

USE_ARCH=32 make PERL=/usr/bin/perl MANDIR=/usr/share/man install


N32

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch &&
patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch

Configure the Package (Use the appropriate command):

Mips (Little-Endian)

./Configure linux-mipsel-n32 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

./Configure linux-mips-n32 --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=n32 make CC="gcc ${BUILDN32}" PERL=/usr/bin/perl LIBDIR=lib32

Install the package:

USE_ARCH=n32 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib32 install


64Bit

Apply Patches:

patch -Np1 -i ../openssl-1.0.1e-fix_manpages-1.patch 

Configure the Package (Use the appropriate command):


./Configure linux-x86_64 --openssldir=/etc/ssl --prefix=/usr shared


./Configure linux64-sparcv9 --openssldir=/etc/ssl --prefix=/usr shared

Mips (Little-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips64el --openssldir=/etc/ssl --prefix=/usr shared

Mips (Big-Endian)

patch -Np1 -i ../openssl-1.0.1e-mips_support-1.patch &&
./Configure linux-mips64 --openssldir=/etc/ssl --prefix=/usr shared


PowerPC

./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared

Compile the package:

USE_ARCH=64 make CC="gcc ${BUILD64}" PERL=/usr/bin/perl LIBDIR=lib64

Install the package:

USE_ARCH=64 make PERL=/usr/bin/perl MANDIR=/usr/share/man LIBDIR=lib64 install &&
ln -sv ../../etc/ssl /usr/share &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-1.0.1e &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \


Configuring

You can create a ca-bundle with the following script, which is taken from http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html

cat > mkcabundle.pl << "EOF"
#!/usr/bin/perl -w
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";

my $incert = 0;

# Header written at the top of the generated bundle.
print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# Source: $certdata
EOH

while (<IN>) {
    # Each certificate is stored as an octal-escaped DER blob.
    if (/^CKA_VALUE MULTILINE_OCTAL/) {
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        close(OUT);
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        # Turn each \ooo escape back into the byte it encodes.
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq '';
        }
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
    }
}
EOF
chmod +x mkcabundle.pl

This command requires that you have Perl and CVS installed:

./mkcabundle.pl > ca-bundle.crt &&
install -Dv -m644 ca-bundle.crt /etc/ssl/certs
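
The `&&` above only tests the exit status of mkcabundle.pl, and the script does not check that the checkout returned any certificate data. The following gate is an added example, not part of the original page or of the script it quotes; the function name check_ca_bundle and the minimum count passed to it are assumptions. It rejects a bundle whose PEM blocks are missing, unbalanced or malformed before the file becomes the system trust store.

```shell
# check_ca_bundle FILE [MIN_CERTS]   (hypothetical helper, added example)
# Prints the number of complete PEM certificate blocks in FILE.
# Returns 0 only if every block is well formed and at least MIN_CERTS exist.
#   1 = file missing or empty, 2 = malformed block, 3 = too few certificates
check_ca_bundle() {
    bundle=$1
    min=${2:-1}
    [ -s "$bundle" ] || { echo "empty or missing: $bundle" >&2; return 1; }
    awk -v min="$min" '
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inblk) bad = 1          # BEGIN inside an unfinished block
            inblk = 1; body = 0; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inblk || body == 0) bad = 1   # stray END or empty block
            inblk = 0; n++; next
        }
        inblk {
            # Inside a block only base64 lines are allowed.
            if ($0 ~ /^[A-Za-z0-9+\/=]+$/) body++
            else bad = 1
        }
        # Text outside the blocks (the "openssl x509 -text" dump and
        # the fingerprint lines) is ignored.
        END {
            if (inblk) bad = 1          # file ends in the middle of a block
            if (bad) { print "malformed PEM block" > "/dev/stderr"; exit 2 }
            if (n + 0 < min + 0) {
                print "only " (n + 0) " certificates" > "/dev/stderr"; exit 3
            }
            print n + 0
        }' "$bundle"
}

# Usage (the threshold 100 is an assumed sanity floor, adjust as needed):
#   ./mkcabundle.pl > ca-bundle.crt &&
#   check_ca_bundle ca-bundle.crt 100 &&
#   install -Dv -m644 ca-bundle.crt /etc/ssl/certs
```

The check is structural only: it does not verify signatures or validity dates, so it complements rather than replaces a review of where certdata.txt came from.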


Contents

Installed Programs: c_rehash, openssl
Installed Libraries: libcrypto.{so,a}, libssl.{so,a}
Installed Directories: /etc/ssl, /usr/include/ssl, /usr/lib/engines, /usr/share/doc/openssl-1.0.1e

Short Descriptions

c_rehash is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
openssl is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell.
libcrypto.{so,a} implements a wide range of cryptographic algorithms used in various Internet standards.
libssl.{so,a} implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.