Beyond Linux^® From Scratch - Version 8.1

Chapter 4. Security

Prev
OpenSSH-7.5p1
Next
OpenSSL-1.0.2l
Up
Home

OpenSSL-1.1.0f

Introduction to OpenSSL

The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptographic functions to other packages, such as OpenSSH, email applications and web browsers (for accessing HTTPS sites).

This package is known to build and work properly using an LFS-8.1 platform.

Package Information

Download (HTTP): https://openssl.org/source/openssl-1.1.0f.tar.gz
Download (FTP): ftp://openssl.org/source/openssl-1.1.0f.tar.gz
Download MD5 sum: 7b521dea79ab159e8ec879d2333369fa
Download size: 5.1 MB
Estimated disk space required: 70 MB (with tests)
Estimated build time: 1.5 SBU (with tests)

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/OpenSSL

Installation of OpenSSL

Install OpenSSL with the following commands:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make

To test the results, issue: make test.

If you want to disable installing the static libraries, use this sed:

sed -i 's# libcrypto.a##;s# libssl.a##;/INSTALL_LIBS/s#libcrypto.a##' Makefile

Now, as the root user:

make MANSUFFIX=ssl install           &&
mv -v /usr/share/doc/openssl{,-1.1.0f} &&
cp -vfr doc/* /usr/share/doc/openssl-1.1.0f

Command Explanations

shared: This parameter forces the creation of shared libraries along with the static libraries.

zlib-dynamic: This parameter adds compression/decompression functionality using the libz library.

no-rc5 no-idea: When added to the ./config command, this will eliminate the building of those encryption methods. Patent licenses may be needed for you to utilize either of those methods in your projects.

make MANSUFFIX=ssl install: This command appends an "ssl" suffix to the manual page names to avoid conflicts with manual pages installed by other packages.

Configuring OpenSSL

Config Files

/etc/ssl/openssl.cnf

Configuration Information

Most users will want to install Certificate Authority Certificates for validation of downloaded certificates. For example, these certificates can be used by git-2.14.1, cURL-7.55.1 or Wget-1.19.1 when accessing secure (https protocol) sites. To do this, follow the instructions from the Certificate Authority Certificates page.

Users who just want to use OpenSSL for providing functions to other programs such as OpenSSH and web browsers do not need to worry about additional configuration. This is an advanced topic and those who do need it would normally be expected to either know how to properly update /etc/ssl/openssl.cnf or be able to find out how to do it.

Contents

Installed Programs: c_rehash and openssl

Installed Libraries: libcrypto.{so,a} and libssl.{so,a}

Installed Directories: /etc/ssl, /usr/include/openssl, /usr/lib/engines and /usr/share/doc/openssl-1.1.0f

Short Descriptions

c_rehash	is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
openssl	is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for various functions which are documented in man 1 openssl.
`libcrypto.{so,a}`	implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement OpenSSH, OpenPGP, and other cryptographic standards.
`libssl.{so,a}`	implements the Transport Layer Security (TLS v1) protocol. It provides a rich API, documentation on which can be found by running man 3 ssl.

Last updated on 2017-08-16 21:41:37 -0700

Prev
OpenSSH-7.5p1
Next
OpenSSL-1.0.2l
Up
Home