%general-entities; ]> openssl &openssl-version;
&openssl-url;
OpenSSL-&openssl-version; OpenSSL <para>The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptographic functions to other packages, such as OpenSSH, email applications, and web browsers (for accessing HTTPS sites). </para> <segmentedlist> <segtitle>&buildtime;</segtitle> <segtitle>&diskspace;</segtitle> <seglistitem> <seg>&openssl-fin-sbu;</seg> <seg>&openssl-fin-du;</seg> </seglistitem> </segmentedlist> </sect2> <sect2 role="installation"> <title>Installation of OpenSSL Prepare OpenSSL for compilation: ./config --prefix=/usr \ --openssldir=/etc/ssl \ --libdir=lib \ shared \ zlib-dynamic Compile the package: make To test the results, issue: make test One test 30-test_afalg.t is known to fail on some kernel configurations (it apparently assumes certain unspecified crypto options have been selected). Install the package: sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile make MANSUFFIX=ssl install Add the version to the documentation directory name, to be consistent with other packages: mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version; If desired, install some additional documentation: cp -vfr doc/* /usr/share/doc/openssl-&openssl-version; You should update OpenSSL when a new version which fixes vulnerabilities is announced. The releases run in series, with a letter for each release after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS installs only the shared libraries, there is no need to recompile packages which link to libcrypto.so or libssl.so when upgrading in the same series. However, any running programs linked to those libraries need to be stopped and restarted. The following command, run as root after udating, will list what is using the old versions of those libraries: grep -l -e 'libssl.*deleted' -e 'libcrypto.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u If you used OpenSSH to login to the system, you need to logout, login again, and rerun that command to confirm nothing is still using the deleted libraries. Contents of OpenSSL Installed programs Installed libraries Installed directories c_rehash and openssl libcrypto.so and libssl.so /etc/ssl, /usr/include/openssl, /usr/lib/engines and /usr/share/doc/openssl-&openssl-version; Short Descriptions c_rehash is a Perl script that scans all files in a directory and adds symbolic links to their hash values c_rehash openssl is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for various functions which are documented in man 1 openssl openssl libcrypto.so implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement OpenSSH, OpenPGP, and other cryptographic standards libcrypto.so libssl.so implements the Transport Layer Security (TLS v1) protocol. It provides a rich API, documentation on which can be found by running man 3 ssl libssl.so