%general-entities; ]> openssl &openssl-version;
&openssl-url;
OpenSSL-&openssl-version; OpenSSL <para>The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptographic functions to other packages, such as OpenSSH, email applications, and web browsers (for accessing HTTPS sites). </para> <segmentedlist> <segtitle>&buildtime;</segtitle> <segtitle>&diskspace;</segtitle> <seglistitem> <seg>&openssl-fin-sbu;</seg> <seg>&openssl-fin-du;</seg> </seglistitem> </segmentedlist> </sect2> <sect2 role="installation"> <title>Installation of OpenSSL Prepare OpenSSL for compilation: ./config --prefix=/usr \ --openssldir=/etc/ssl \ --libdir=lib \ shared \ zlib-dynamic Compile the package: make To test the results, issue: make test One test, 30-test_afalg.t, is known to fail if the host kernel does not have enabled, or does not have any options providing an AES with CBC implementation (for example, the combination of and , or if the CPU supports AES-NI) enabled. If it fails, it can safely be ignored. Install the package: sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile make MANSUFFIX=ssl install Add the version to the documentation directory name, to be consistent with other packages: mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version; If desired, install some additional documentation: cp -vfr doc/* /usr/share/doc/openssl-&openssl-version; You should update OpenSSL when a new version which fixes vulnerabilities is announced. Since OpenSSL 3.0.0, the OpenSSL versioning scheme follows the MAJOR.MINOR.PATCH format. API/ABI compatibility is guaranteed for the same MAJOR version number. Because LFS installs only the shared libraries, there is no need to recompile packages which link to libcrypto.so or libssl.so when upgrading to a version with the same MAJOR version number. If OpenSSH is installed, it will be an exception of the general rule above. It contains an over-restrictive OpenSSL version check, so both SSH client and SSH server will refuse to start if OpenSSL is updated with MAJOR version number unchanged but MINOR version number changed. You need to rebuild OpenSSH after such an upgrade. If OpenSSH is being used to access the system, you must rebuild and reinstall it after upgrading OpenSSL to a new MINOR version number before logout or you won't be able to login via SSH anymore. However, any running programs linked to those libraries need to be stopped and restarted. Read the related entries in for details. Contents of OpenSSL Installed programs Installed libraries Installed directories c_rehash and openssl libcrypto.so and libssl.so /etc/ssl, /usr/include/openssl, /usr/lib/engines and /usr/share/doc/openssl-&openssl-version; Short Descriptions c_rehash is a Perl script that scans all files in a directory and adds symbolic links to their hash values. Use of c_rehash is considered obsolete and should be replaced by openssl rehash command c_rehash openssl is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for various functions which are documented in man 1 openssl openssl libcrypto.so implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement OpenSSH, OpenPGP, and other cryptographic standards libcrypto.so libssl.so implements the Transport Layer Security (TLS v1) protocol. It provides a rich API, documentation on which can be found by running man 7 ssl libssl.so