Compiling basic infrastructure pieces like openssl isn’t something I do much anymore. It’s already part of RHEL, the primary distribution I work with, and the same is true for most modern open source O/S’s. Unfortunately, due to the typical NIH (Not Invented Here) syndrome that still afflicts most closed-source vendors, this is not true for older versions of Solaris and other proprietary O/S’s. Last week someone asked for help updating an Apache server on Solaris 8, and so, after a couple of false starts due to latent senility, we got it done.
Important Prereq: Make sure you have at least gcc 3.4.6 (RHEL 5 uses 4.1.2) and make 3.81 installed before proceeding. If the gcc libs don’t show up by doing a ldconfig -p, you’ll need to add them to your LD_LIBRARY_PATH with something like export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH. You’ll also need to make sure your PATH includes the location for make (for example export PATH=/usr/local/bin:$PATH, if make is in /usr/local/bin). There may be other build tools needed depending on what is already installed with your system (the reason why I always include all dev tools in my base RHEL installs).
1. First, you need to download the source.
The latest is openssl-0.9.8h.tar.gz, available from here.
2. Unpack the source and cd into it.
3. The most common way to begin building it is simply to run ./config, but this has the effect of eventually making it install to /usr/local/ssl and won’t create any of the share libraries many programs, like Apache, want. If I’m installing this as a stand-alone, especially where another version may already exist, I usually name the install directory for the version and ask that it create the shared libraries. This gives me the following:
./config \
--prefix=/usr/local/openssl-0.9.8h \
--openssldir=/usr/local/openssl-0.9.8h \
shared
The “openssldir” parameter tells the configurator to put all binaries and libraries into the custom directory, instead of scattering them around /usr/bin and /usr/lib, as it would otherwise do.
4. Now run ./make and
5. Finally, as root, do a ./make install.
Check the install directory (here /usr/local/openssl-0.9.8h) to make sure all the expected files (and symlinks) are there. For example, the lib directory should look like this (except for the build datestamps):
-rw-r--r-- 1 root root 2800260 Aug 22 13:45 libcrypto.a
lrwxrwxrwx 1 root root 14 Aug 22 13:45 libcrypto.so -> libcrypto.so.0
lrwxrwxrwx 1 root root 18 Aug 22 13:45 libcrypto.so.0 -> libcrypto.so.0.9.8
-r-xr-xr-x 1 root root 1529889 Aug 22 13:45 libcrypto.so.0.9.8
-rw-r--r-- 1 root root 413358 Aug 22 13:45 libssl.a
lrwxrwxrwx 1 root root 11 Aug 22 13:45 libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root 15 Aug 22 13:45 libssl.so.0 -> libssl.so.0.9.8
-r-xr-xr-x 1 root root 252586 Aug 22 13:45 libssl.so.0.9.8
drwxr-xr-x 2 root root 4096 Aug 22 13:45 pkgconfig
6. If you’re on an older O/S that doesn’t map libraries automatically or use ldconfig to let you configure up those mappings manually by editing ld.so.conf, then you’ll need to set the LD_LIBRARY_PATH variable to include the path to your new libraries (in our example, /usr/local/openssl-0.9.8h), for any app that will use them. For Apache I usually just put a line at the top of apachectl to do this, like:
LD_LIBRARY_PATH=/usr/local/openssl-0.9.8h/lib:$LD_LIBRARY_PATH
7. Once you’ve done all this, verify everything is working by running openssl version from the command line (make sure you do this from the install bin directory or have it mapped in your PATH!). That should return a:
OpenSSL 0.9.8h 28 May 2008
Now you’re ready to compile apache, openldapl or the dozens of other open source applications that can use openssl.