The OpenSSL package contains management tools and libraries
relating to cryptography. These are useful for providing
cryptographic functions to other packages, such as OpenSSH, email
applications, and web browsers (for accessing HTTPS sites).
Approximate build time: 1.7 SBU
Required disk space: 883 MB
8.48.1. Installation of OpenSSL
Remove an outdated compiler option causing build failure:
sed 's/-mips3//' -i Configure
Prepare OpenSSL for compilation:
./config --prefix=/usr \
--openssldir=/etc/ssl \
--libdir=lib \
linux64-mips64 \
shared \
zlib-dynamic
Compile the package:
make
To test the results, issue:
HARNESS_JOBS=$(nproc) make test
One test, 30-test_afalg.t, is known to fail if the host kernel does
not have CONFIG_CRYPTO_USER_API_SKCIPHER enabled, or does not have
any options providing an AES with CBC implementation (for example,
the combination of CONFIG_CRYPTO_AES and CONFIG_CRYPTO_CBC, or
CONFIG_CRYPTO_AES_NI_INTEL if the CPU supports AES-NI) enabled. If it
fails, it can safely be ignored.
Install the package:
sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
make MANSUFFIX=ssl install
Add the version to the documentation directory name, to be
consistent with other packages:
mv -v /usr/share/doc/openssl /usr/share/doc/openssl-3.3.2
If desired, install some additional documentation:
cp -vfr doc/* /usr/share/doc/openssl-3.3.2
Note
You should update OpenSSL when a new version which fixes
vulnerabilities is announced. Since OpenSSL 3.0.0, the OpenSSL
versioning scheme follows the MAJOR.MINOR.PATCH format. API/ABI
compatibility is guaranteed for the same MAJOR version number.
Because LFS installs only the shared libraries, there is no need
to recompile packages which link to libcrypto.so or libssl.so when
upgrading to a version with the same MAJOR version number.
However, any running programs linked to those libraries need to
be stopped and restarted. Read the related entries in Section 8.2.1, “Upgrade
Issues” for details.
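One way to find the running programs the note refers to, as an added example that is not part of the book: the function below lists processes that still map a pre-upgrade copy of libssl.so or libcrypto.so. It assumes the upgrade replaced the library file by unlink or rename, so the kernel marks the old mapping "(deleted)" in /proc/<pid>/maps; the function name and its proc-root argument are made up for this example.

```shell
#!/bin/sh
# Added example: report processes that still map a pre-upgrade copy of
# libssl.so / libcrypto.so and therefore need a restart.
#
# Assumption: the upgrade replaced the library by unlink or rename, so the
# kernel tags the old mapping in /proc/<pid>/maps with " (deleted)".
# stale_openssl_pids and its proc-root argument are names made up here.

stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Unmatched glob or a process that exited meanwhile: skip.
        [ -r "$maps" ] || continue
        # A maps line ends with the mapped path, e.g.
        #   ... 08:01 1234  /usr/lib/libcrypto.so.3 (deleted)
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null
        then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Run as root to see every process; prints "PID NAME" per stale process.
stale_openssl_pids /proc
```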