OpenSSL-0.9.8k
Introduction to OpenSSL
The OpenSSL package contains
management tools and libraries relating to cryptography. These are
useful for providing cryptography functions to other packages,
notably OpenSSH, email
applications and web browsers (for accessing HTTPS sites).
This package is known to build and work properly using an LFS-6.5
platform.
Package Information
Additional Downloads
OpenSSL Dependencies
Recommended
bc-1.06 (if you run the test suite during the build)
Optional
MIT Kerberos V5-1.6 or Heimdal-1.1
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/OpenSSL
Installation of OpenSSL
Install OpenSSL by running the
following commands:
patch -Np1 -i ../openssl-0.9.8k-fix_manpages-1.patch &&
tar -vxf ../BLFS-ca-bundle-20090409.tar.bz2 &&
./config --prefix=/usr \
--openssldir=/etc/ssl \
shared \
zlib-dynamic &&
make
To test the results, issue: make test.
Now, as the root user:
make MANDIR=/usr/share/man install &&
cp -v -r certs /etc/ssl &&
install -v -d -m755 /usr/share/doc/openssl-0.9.8k &&
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
/usr/share/doc/openssl-0.9.8k
While still the root user, create a
single file that contains all of the installed certificates:
for pem in /etc/ssl/certs/*.pem
do
  cat "$pem"
  echo ""
done > /etc/ssl/ca-bundle.crt
Command Explanations
tar -vxf ../BLFS-ca-bundle-20090409.tar.bz2: OpenSSL no longer includes any root certificates. This package adds root certificates as provided by mozilla.org.
shared: This parameter forces the creation of shared libraries along with the static libraries.
zlib-dynamic: This parameter adds compression/decompression functionality using the libz library.
no-rc5 no-idea: When added to the ./config command, this will eliminate the building of those encryption methods. Patent licenses may be needed for you to utilize either of those methods in your projects.
make MANDIR=/usr/share/man install: This command installs OpenSSL with the man pages in /usr/share/man instead of /etc/ssl/man.
cp -v -r certs /etc/ssl: This installs both the sample certificates and documentation included with OpenSSL, and the certificates that were extracted from the BLFS-ca-bundle-20090409 package.
for pem in /etc/ssl/certs/*.pem...: This group of commands creates a single-file certificate bundle (/etc/ssl/ca-bundle.crt) that is usable by many other software packages. ca-bundle.crt should be recreated anytime that a certificate is added to /etc/ssl/certs.
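Because every *.pem file in /etc/ssl/certs ends up trusted by whatever reads the bundle, the rebuild is worth doing with a few checks. The following is an added example, not part of the BLFS instructions: it produces the same output as the loop above for well-formed files, skips files that are not clean certificate files, replaces the bundle atomically, and can report whether the existing bundle is stale. The function names (pem_ok, build_bundle, bundle_is_current) and the private-key check are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not BLFS code): rebuild the CA bundle with sanity checks.

# pem_ok FILE: true if FILE has a non-zero, matching number of
# BEGIN/END CERTIFICATE lines and no private-key block.
pem_ok() {
    b=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true)
    e=$(grep -c -e '^-----END CERTIFICATE-----' "$1" || true)
    [ "$b" -gt 0 ] && [ "$b" -eq "$e" ] && ! grep -q 'PRIVATE KEY-----' "$1"
}

# build_bundle CERTDIR OUT: same output as the page's loop for files that
# pass pem_ok; written to a temp file and renamed so readers never see a
# half-written bundle.
build_bundle() {
    certdir=$1
    out=$2
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    for pem in "$certdir"/*.pem; do
        [ -f "$pem" ] || continue
        if pem_ok "$pem"; then
            cat "$pem"
            echo ""
        else
            echo "skipped: $pem" >&2
        fi
    done > "$tmp"
    # The bundle holds only public certificates, so world-readable is fine.
    chmod 644 "$tmp" && mv -f "$tmp" "$out"
}

# bundle_is_current CERTDIR BUNDLE: exit 0 if BUNDLE equals a fresh rebuild.
bundle_is_current() {
    fresh=$(mktemp) || return 2
    build_bundle "$1" "$fresh" 2>/dev/null
    rc=0
    cmp -s "$fresh" "$2" || rc=$?
    rm -f "$fresh"
    return "$rc"
}

# Typical use, as root (paths are the ones this page installs to):
#   build_bundle /etc/ssl/certs /etc/ssl/ca-bundle.crt
#   bundle_is_current /etc/ssl/certs /etc/ssl/ca-bundle.crt || echo "stale"
```

The structural check only looks at PEM markers; it does not parse or validate the certificates themselves.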
Configuring OpenSSL
Config Files
/etc/ssl/openssl.cnf
Configuration Information
Most people who just want to use OpenSSL for providing functions to other
programs such as OpenSSH and web
browsers won't need to worry about configuring OpenSSL. Configuring OpenSSL is an advanced topic and so those
who do would normally be expected to either know how to do it or
to be able to find out how to do it.
Contents
Installed Programs: c_rehash and openssl
Installed Libraries: libcrypto.{so,a}, libssl.{so,a}, and additional encryption libraries in /usr/lib/engines/ (lib4758cca.so, libaep.so, libatalla.so, libcapi.so, libchil.so, libcswift.so, libgmp.so, libnuron.so, libsureware.so, and libubsec.so)
Installed Directories: /etc/ssl, /usr/include/ssl, /usr/lib/engines and /usr/share/doc/openssl-0.9.8k
Short Descriptions
c_rehash: is a Perl script that scans all files in a directory and adds symbolic links to their hash values.
openssl: is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for various functions which are documented in man 1 openssl.
libcrypto.{so,a}: implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement OpenSSH, OpenPGP, and other cryptographic standards.
libssl.{so,a}: implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API, documentation on which can be found by running man 3 ssl.
Last updated on 2009-10-09 02:16:08 +0000