The OpenSSL package contains management tools and libraries relating to cryptography.
User Notes: http://wiki.linuxfromscratch.org/hlfs/wiki/openssl
Apply this patch to fix conflicts between OpenSSL manual pages and manual pages from other packages:
patch -Np1 -i ../openssl-0.9.8e-fix_manpages-1.patch
OpenSSL command line tools will try to use the $RANDFILE, $HOME/.rnd, or $(pwd)/.rnd files to initially seed their random number generator.
If none are found then the “PRNG not seeded” error message may occur. We can build OpenSSL with a contingency plan, to use /dev/urandom, instead of causing an error. This is optional:
sed -e 's/__OpenBSD__/__linux__/' -e 's/arandom/urandom/' \
-i.orig crypto/rand/randfile.c
Use the issetugid() function we patched Glibc with:
sed 's/__OpenBSD__/__linux__/' -i.orig crypto/uid.c
Use the arc4random() function:
sed 's/__OpenBSD__/__linux__/' -i.orig crypto/rand/rand_unix.c
The as assembler program will incorrectly mark libcrypto.so as needing an executable stack if OpenSSL is built with its assembly code. The following command adds an assembler option to mark the library correctly:
find crypto/ -name Makefile -exec \
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i.orig {} \;
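To confirm the marking once the package has been compiled, the check below classifies the PT_GNU_STACK program header as printed by readelf -lW. It is an added example, not part of the original instructions; the function names, the constructed sample lines and the script name check_stack.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify the PT_GNU_STACK
# marking from `readelf -lW` output read on stdin.
# Prints one of: exec, noexec, unmarked (no PT_GNU_STACK header at all).
stack_status() {
    awk '
        $1 == "GNU_STACK" {
            found = 1
            # Flags sit between MemSiz (field 6) and Align (last field);
            # readelf pads them with spaces, so rejoin e.g. "R E" first.
            flags = ""
            for (i = 7; i < NF; i++) flags = flags $i
            if (flags ~ /E/) x = 1
        }
        END {
            if (!found) print "unmarked"
            else if (x) print "exec"
            else        print "noexec"
        }'
}

# check_lib FILE: succeed only if FILE is explicitly marked as not
# needing an executable stack.
check_lib() {
    verdict=$(readelf -lW "$1" | stack_status)
    printf '%s: %s\n' "$1" "$verdict"
    [ "$verdict" = "noexec" ]
}

# Constructed sample lines in the layout readelf prints for 32-bit objects.
SAMPLE_EXEC='  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4'
SAMPLE_NOEXEC='  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4'

# Usage (hypothetical script name): sh check_stack.sh libcrypto.so libssl.so
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do check_lib "$f" || rc=1; done
    exit "$rc"
fi
```

A verdict of exec or unmarked on libcrypto.so means the ASFLAGS change did not reach every assembly object and the build should be repeated.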
You may wish to add extra -D definitions, such as NO_IDEA, NO_RC4, and NO_RC2 to disable weak algorithms, REF_CHECK to add assertions, and CRYPTO_MDEBUG and MFUNC to add extra memory checking code.
Prepare OpenSSL for compilation:
./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic \
-DSSL_FORBID_ENULL
The meaning of the configure options:
--openssldir=/etc/ssl
This option tells OpenSSL to install and use configuration
files from /etc/ssl.
shared
This option tells OpenSSL to build the shared libraries of OpenSSL.
zlib-dynamic
This option tells OpenSSL to use the Zlib shared library, rather than the static version.
-DSSL_FORBID_ENULL
This option will forbid the use of the NULL encryption cipher.
Compile the package:
make MANDIR=/usr/share/man
To test the results, issue: make test.
Install the package:
make MANDIR=/usr/share/man install &&
cp -v -r certs /etc/ssl
Install the documentation:
install -v -d -m755 /usr/share/doc/openssl-0.9.8e
cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
/usr/share/doc/openssl-0.9.8e
Move the static libraries:
mv -v /usr/lib/{libcrypto,libssl}.a /usr/lib/static