The OpenSSL package contains management tools and libraries
relating to cryptography. These are useful for providing
cryptographic functions to other packages, such as OpenSSH, email
applications, and web browsers (for accessing HTTPS sites).
Approximate build time: 3.0 SBU
Required disk space: 587 MB
8.47.1. Installation of OpenSSL
Prepare OpenSSL for compilation:
./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic
Compile the package:
make
To test the results, issue:
make test
One test, 30-test_afalg.t, is known to fail if the host kernel does
not have CONFIG_CRYPTO_USER_API_SKCIPHER enabled, or does not have any
options providing an AES with CBC implementation (for example, the
combination of CONFIG_CRYPTO_AES and CONFIG_CRYPTO_CBC, or
CONFIG_CRYPTO_AES_NI_INTEL if the CPU supports AES-NI) enabled. If it
fails, it can safely be ignored.
Install the package:
sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
make MANSUFFIX=ssl install
Add the version to the documentation directory name, to be
consistent with other packages:
mv -v /usr/share/doc/openssl /usr/share/doc/openssl-3.1.2
If desired, install some additional documentation:
cp -vfr doc/* /usr/share/doc/openssl-3.1.2
Note
You should update OpenSSL when a new version which fixes
vulnerabilities is announced. Since OpenSSL 3.0.0, the OpenSSL
versioning scheme follows the MAJOR.MINOR.PATCH format. API/ABI
compatibility is guaranteed for the same MAJOR version number.
Because LFS installs only the shared libraries, there is no need
to recompile packages which link to libcrypto.so or libssl.so when
upgrading to a version with the same MAJOR version number.
If OpenSSH is installed, it is an exception to the general rule
above. It contains an over-restrictive OpenSSL version check, so both
the SSH client and the SSH server will refuse to start if OpenSSL is
updated with the MAJOR version number unchanged but the MINOR version
number changed. You need to rebuild OpenSSH after such an upgrade. If
OpenSSH is being used to access the system, you must rebuild and
reinstall it after upgrading OpenSSL to a new MINOR version number
before logging out, or you won't be able to log in via SSH anymore.
However, any running programs linked to those libraries need to
be stopped and restarted. Read the related entries in Section 8.2.1, “Upgrade
Issues” for details.
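The following script is an added example, not part of the LFS book: it applies the version rule from the Note to an old and new version string, and lists running processes that still map a replaced libcrypto.so or libssl.so. The function names are hypothetical, and the scan assumes the install replaced the library files so that the old copies appear as "(deleted)" in /proc/PID/maps.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSL or LFS.

# Classify an upgrade from version $1 to $2 (MAJOR.MINOR.PATCH, 3.0.0 or later)
# according to the Note above:
#   restart-only    same MAJOR and MINOR: restart programs using the libraries
#   rebuild-openssh same MAJOR, new MINOR: also rebuild OpenSSH before logout
#   major-changed   new MAJOR: the API/ABI guarantee no longer applies
openssl_upgrade_action() {
    old_major=${1%%.*}; new_major=${2%%.*}
    old_rest=${1#*.};   new_rest=${2#*.}
    old_minor=${old_rest%%.*}; new_minor=${new_rest%%.*}
    if [ "$old_major" != "$new_major" ]; then
        echo major-changed
    elif [ "$old_minor" != "$new_minor" ]; then
        echo rebuild-openssh
    else
        echo restart-only
    fi
}

# Print the PIDs whose memory map still names a libcrypto.so or libssl.so
# that has been replaced on disk (the kernel marks such files "(deleted)").
# $1 is the proc root (default /proc); run as root to see every process.
stale_openssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(crypto|ssl)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Constructed version pair for illustration, then a scan of the live system.
echo "3.1.2 -> 3.2.0: $(openssl_upgrade_action 3.1.2 3.2.0)"
stale_openssl_pids | while read -r pid; do
    echo "PID $pid still maps the old OpenSSL libraries; restart it"
done
```

A process that loaded the libraries before the upgrade keeps running the old code until it is restarted, which is why the scan matters after a security update.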