OpenSSL-1.0.2g
Introduction to OpenSSL
The OpenSSL package contains
management tools and libraries relating to cryptography. These are
useful for providing cryptography functions to other packages, such
as OpenSSH, email applications and
web browsers (for accessing HTTPS sites).
This package is known to build and work properly using an LFS-7.9
platform.
Package Information
OpenSSL Dependencies
Optional
MIT
Kerberos V5-1.14
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/OpenSSL
Installation of OpenSSL
Install OpenSSL with the following
commands:
./config --prefix=/usr \
--openssldir=/etc/ssl \
--libdir=lib \
shared \
zlib-dynamic &&
make
To test the results, issue: make
test.
If you want to disable installing the static libraries, use this
sed:
sed -i 's# libcrypto.a##;s# libssl.a##' Makefile
Now, as the root
user:
make MANDIR=/usr/share/man MANSUFFIX=ssl install &&
install -dv -m755 /usr/share/doc/openssl-1.0.2g &&
cp -vfr doc/* /usr/share/doc/openssl-1.0.2g
Command Explanations
shared
: This parameter
forces the creation of shared libraries along with the static
libraries.
zlib-dynamic
: This
parameter adds compression/decompression functionality using the
libz
library.
no-rc5 no-idea
: When added to the
./config command,
this will eliminate the building of those encryption methods.
Patent licenses may be needed for you to utilize either of those
methods in your projects.
make MANDIR=/usr/share/man
MANSUFFIX=ssl install: This command installs
OpenSSL with the man pages in
/usr/share/man
instead of
/etc/ssl/man
and appends "ssl" suffix
to the manual page names to avoid conflicts with manual pages
installed by other packages.
Configuring OpenSSL
Config Files
/etc/ssl/openssl.cnf
Configuration Information
Most users will want to install Certificate Authority
Certificates for validation of downloaded certificates. For
example, these certificates can be used by git-2.7.1, cURL-7.47.1 or Wget-1.17.1 when
accessing secure (https protocol) sites. To do this, follow the
instructions from the Certificate Authority
Certificates page.
Users who just want to use OpenSSL for providing functions to other
programs such as OpenSSH and web
browsers do not need to worry about additional configuration.
This is an advanced topic and so those who do need it would
normally be expected to either know how to properly update
/etc/ssl/openssl.cnf
or be able to
find out how to do it.
Contents
Installed Programs:
c_rehash and openssl
Installed Libraries:
libcrypto.{so,a} and libssl.{so,a}
Installed Directories:
/etc/ssl, /usr/include/openssl,
/usr/lib/engines and /usr/share/doc/openssl-1.0.2g
Short Descriptions
c_rehash
|
is a Perl script that
scans all files in a directory and adds symbolic links to
their hash values.
|
openssl
|
is a command-line tool for using the various cryptography
functions of OpenSSL's
crypto library from the shell. It can be used for various
functions which are documented in man 1 openssl.
|
libcrypto.{so,a}
|
implements a wide range of cryptographic algorithms used
in various Internet standards. The services provided by
this library are used by the OpenSSL implementations of SSL, TLS
and S/MIME, and they have also been used to implement
OpenSSH, OpenPGP, and other cryptographic
standards.
|
libssl.{so,a}
|
implements the Transport Layer Security (TLS v1)
protocol. It provides a rich API, documentation on which
can be found by running man
3 ssl.
|
Last updated on 2016-03-01 18:47:59 -0800