title: Compiling openssl from source link: https://onemoretech.wordpress.com/2008/08/25/compiling-openssl-from-source/ author: lembobro description: post_id: 464 created: 2008/08/25 16:22:56 created_gmt: 2008/08/25 16:22:56 comment_status: open post_name: compiling-openssl-from-source status: publish post_type: post

Compiling openssl from source

Compiling basic infrastructure pieces like openssl isn’t something I do much anymore. It’s already part of RHEL, the primary distribution I work with, and the same is true for most modern open source O/S’s. Unfortunately, due to the typical NIH (Not Invented Here) syndrome that still afflicts most closed-source vendors, this is not true for older versions of Solaris and other proprietary O/S’s. Last week someone asked for help updating an Apache server on Solaris 8, and so, after a couple of false starts due to latent senility, we got it done.

Important Prereq: Make sure you have at least gcc 3.4.6 (RHEL 5 uses 4.1.2) and make 3.81 installed before proceeding. If the gcc libs don’t show up by doing a ldconfig -p, you’ll need to add them to your LD_LIBRARY_PATH with something like export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH. You’ll also need to make sure your PATH includes the location for make (for example export PATH=/usr/local/bin:$PATH, if make is in /usr/local/bin). There may be other build tools needed depending on what is already installed with your system (the reason why I always include all dev tools in my base RHEL installs).

1. First, you need to download the source.

The latest is openssl-0.9.8k.tar.gz, available from here.

2. Unpack the source and cd into it.

3. The most common way to begin building it is simply to run ./config, but this has the effect of eventually making it install to /usr/local/ssl and won’t create any of the share libraries many programs, like Apache, want. If I’m installing this as a stand-alone, especially where another version may already exist, I usually name the install directory for the version and ask that it create the shared libraries. This gives me the following:

`

./config
--prefix=/usr/local/openssl-0.9.8k
shared

`

The “prefix” parameter tells the script to install openssl to the path indicated, otherwise it will default to /usr/local/ssl. Be sure to include the “shared” option, as many other applications depend on the shared libraries being there (e.g. Apache’s HTTP server when compiled with shared module support).

4. Now run ./make and <code./make test`. Some of the tests in the latter will probably fail because the URLs they're directed at are obsolute.

5. Finally, as root, do a ./make install.

Check the install directory (here /usr/local/openssl-0.9.8k) to make sure all the expected files (and symlinks) are there. For example, the lib directory should look like this (except for the build datestamps):

`

-rw-r--r-- 1 root root 2800260 Aug 22 13:45 libcrypto.a
lrwxrwxrwx 1 root root      14 Aug 22 13:45 libcrypto.so -> libcrypto.so.0
lrwxrwxrwx 1 root root      18 Aug 22 13:45 libcrypto.so.0 -> libcrypto.so.0.9.8
-r-xr-xr-x 1 root root 1529889 Aug 22 13:45 libcrypto.so.0.9.8
-rw-r--r-- 1 root root  413358 Aug 22 13:45 libssl.a
lrwxrwxrwx 1 root root      11 Aug 22 13:45 libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root      15 Aug 22 13:45 libssl.so.0 -> libssl.so.0.9.8
-r-xr-xr-x 1 root root  252586 Aug 22 13:45 libssl.so.0.9.8
drwxr-xr-x 2 root root    4096 Aug 22 13:45 pkgconfig

`

6. If you’re on an older O/S that doesn’t map libraries automatically or use ldconfig to let you configure up those mappings manually by editing ld.so.conf, then you’ll need to set the LD_LIBRARY_PATH variable to include the path to your new libraries (in our example, /usr/local/openssl-0.9.8k), for any app that will use them. For Apache I usually just put a line at the top of apachectl to do this, like:

LD_LIBRARY_PATH=/usr/local/lib:/usr/local/openssl-0.9.8k/lib: $LD_LIBRARY_PATH

7. Once you’ve done all this, verify everything is working by running openssl version from the command line (make sure you do this from the install bin directory or have it mapped in your PATH!). That should return a:

OpenSSL 0.9.8k 25 March 2009

Now you’re ready to compile apache, openldap or the dozens of other open source applications that can use openssl.

Copyright 2004-2019 Phil Lembo