Beyond Linux® From Scratch - Version 7.5

Chapter 4. Security

OpenSSL-1.0.1f

Introduction to OpenSSL

The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptography functions to other packages, such as OpenSSH, email applications and web browsers (for accessing HTTPS sites).

[Warning]

Warning

This version of openssl has a serious security issue. Use the instructions at http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html instead.

This package is known to build and work properly using an LFS-7.5 platform.

Package Information

Additional Downloads

OpenSSL Dependencies

Optional

MIT Kerberos V5-1.12.1

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/OpenSSL

Installation of OpenSSL

Install OpenSSL with the following commands: 

patch -Np1 -i ../openssl-1.0.1f-fix_parallel_build-1.patch &&
patch -Np1 -i ../openssl-1.0.1f-fix_pod_syntax-1.patch &&

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make

To test the results, issue: make test.

If you want to disable installing the static libraries, use this sed: 

sed -i 's# libcrypto.a##;s# libssl.a##' Makefile

Now, as the root user: 

make MANDIR=/usr/share/man MANSUFFIX=ssl install &&
install -dv -m755 /usr/share/doc/openssl-1.0.1f  &&
cp -vfr doc/*     /usr/share/doc/openssl-1.0.1f

Command Explanations

shared: This parameter forces the creation of shared libraries along with the static libraries.

zlib-dynamic: This parameter adds compression/decompression functionality using the libz library.

no-rc5 no-idea: When added to the ./config command, this will eliminate the building of those encryption methods. Patent licenses may be needed for you to utilize either of those methods in your projects.

make MANDIR=/usr/share/man MANSUFFIX=ssl install: This command installs OpenSSL with the man pages in /usr/share/man instead of /etc/ssl/man and appends "ssl" suffix to the manual page names to avoid conflicts with manual pages installed by other packages.

Configuring OpenSSL

Config Files

/etc/ssl/openssl.cnf

Configuration Information

Most users will want to install Certificate Authority Certificates for validation of downloaded certificates. For example, these certificates can be used by git-1.9.0, cURL-7.35.0 or Wget-1.15 when accessing secure (https protocol) sites. To do this, follow the instructions from the Certificate Authority Certificates page.

Users who just want to use OpenSSL for providing functions to other programs such as OpenSSH and web browsers do not need to worry about additional configuration. This is an advanced topic and so those who do need it would normally be expected to either know how to properly update /etc/ssl/openssl.cnf or be able to find out how to do it.

Contents

Installed Programs: c_rehash and openssl
Installed Libraries: libcrypto.{so,a} and libssl.{so,a}
Installed Directories: /etc/ssl, /usr/include/openssl, /usr/lib/engines and /usr/share/doc/openssl-1.0.1f

Short Descriptions

c_rehash

is a Perl script that scans all files in a directory and adds symbolic links to their hash values.

openssl

is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for various functions which are documented in man 1 openssl.

libcrypto.{so,a}

implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement OpenSSH, OpenPGP, and other cryptographic standards.

libssl.{so,a}

implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API, documentation on which can be found by running man 3 ssl.

Last updated on 2014-02-17 12:00:29 -0800