During this article, we will try to see how to compile and build the source of the OpenSSL library in order to generate both static and dynamic libraries and deployed in second time on our linux server machine.
#1. What’s OpenSSL ?
OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.Wikipedia
#2. How To Check Openssl Library Version In Linux ?
In order to confirm well that the openSSL is not already installed into our machine, we can execute this following command and see what it returns :
openssl versionAs we can see on the output terminal that the openSSL is not found and by the way not installed on our machine:
➜ ~ openssl version
zsh: command not found: openssl#3. How To Install OpenSSL Library Into Linux ?
In order to install the OpenSSL package that provides libraries and headers files for libssl and libcrypto, the following command shall be used:
– Debian/Ubuntu
sudo apt-get install opensslAs we can see bellow the result of the command:
➜ ~ apt-get install openssl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
ca-certificates
The following NEW packages will be installed:
openssl
0 upgraded, 1 newly installed, 0 to remove and 21 not upgraded.
Need to get 850 kB of archives.
After this operation, 1500 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 openssl amd64 1.1.1k-1 [850 kB]
Fetched 850 kB in 0s (2208 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package openssl.
(Reading database ... 26705 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.1k-1_amd64.deb ...
Unpacking openssl (1.1.1k-1) ...
Setting up openssl (1.1.1k-1) ...
➜ ~ openssl version
OpenSSL 1.1.1k 25 Mar 2021
– RHEL/CentOs
sudo yum install opensslAs we can see bellow the result of the command:
➜ ~ openssl version
OpenSSL 1.1.1k 25 Mar 2021#4. How Build And Compile The Source Of Openssl Library ?
In order to build and compile the OpenSSL from source, you need to go to the official OpenSSL website and pick the latest library release ( openssl-3.0.0)
➜ ~ wget https://www.openssl.org/source/openssl-3.0.0.tar.gzAfter typing the command, the openssl package is downloaded as you can see bellow:
➜ ~ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
--2021-10-08 18:11:50-- https://www.openssl.org/source/openssl-3.0.0.tar.gz
Resolving www.openssl.org (www.openssl.org)... 23.61.93.14, 2a02:26f0:9100:28d::c1e, 2a02:26f0:9100:288::c1e
Connecting to www.openssl.org (www.openssl.org)|23.61.93.14|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14978663 (14M) [application/x-gzip]
Saving to: 'openssl-3.0.0.tar.gz'
openssl-3.0.0.tar.gz 100%[=====================================>] 14.28M 12.0MB/s in 1.2s
2021-10-08 18:11:51 (12.0 MB/s) - 'openssl-3.0.0.tar.gz' saved [14978663/14978663]
➜ ~ ll
total 15M
-rw-r--r-- 1 root root 15M Sep 7 12:00 openssl-3.0.0.tar.gzAt the beginning we unzip the downloaded package and navigate to the openssl directory:
➜ ~ tar xzf openssl-3.0.0.tar.gz
➜ ~ ll
total 15M
drwxrwxr-x 20 root root 4.0K Sep 7 11:46 openssl-3.0.0
-rwxrwxrwx 1 root root 15M Sep 7 12:00 openssl-3.0.0.tar.gz
➜ ~ cd openssl-3.0.0
➜ openssl-3.0.0 pwd
/root/openssl-3.0.0
➜ openssl-3.0.0 ll
total 1.3M
-rw-rw-r-- 1 root root 157 Sep 7 11:46 ACKNOWLEDGEMENTS.md
-rw-rw-r-- 1 root root 990 Sep 7 11:46 AUTHORS.md
-rw-rw-r-- 1 root root 699K Sep 7 11:46 CHANGES.md
-rw-rw-r-- 1 root root 4.3K Sep 7 11:46 CONTRIBUTING.md
drwxrwxr-x 3 root root 4.0K Sep 7 11:46 Configurations
-rwxrwxr-x 1 root root 133K Sep 7 11:46 Configure
-rw-rw-r-- 1 root root 197 Sep 7 11:46 FAQ.md
-rw-rw-r-- 1 root root 1.2K Sep 7 11:46 HACKING.md
-rw-rw-r-- 1 root root 62K Sep 7 11:46 INSTALL.md
-rw-rw-r-- 1 root root 10K Sep 7 11:46 LICENSE.txt
-rw-rw-r-- 1 root root 68K Sep 7 11:46 NEWS.md
-rw-rw-r-- 1 root root 4.5K Sep 7 11:46 NOTES-ANDROID.md
-rw-rw-r-- 1 root root 2.1K Sep 7 11:46 NOTES-DJGPP.md
-rw-rw-r-- 1 root root 9.9K Sep 7 11:46 NOTES-NONSTOP.md
-rw-rw-r-- 1 root root 4.9K Sep 7 11:46 NOTES-PERL.md
-rw-rw-r-- 1 root root 5.6K Sep 7 11:46 NOTES-UNIX.md
-rw-rw-r-- 1 root root 2.7K Sep 7 11:46 NOTES-VALGRIND.md
-rw-rw-r-- 1 root root 4.1K Sep 7 11:46 NOTES-VMS.md
-rw-rw-r-- 1 root root 8.9K Sep 7 11:46 NOTES-WINDOWS.md
-rw-rw-r-- 1 root root 16K Sep 7 11:46 README-ENGINES.md
-rw-rw-r-- 1 root root 2.8K Sep 7 11:46 README-FIPS.md
-rw-rw-r-- 1 root root 5.4K Sep 7 11:46 README-PROVIDERS.md
-rw-rw-r-- 1 root root 6.5K Sep 7 11:46 README.md
-rw-rw-r-- 1 root root 3.7K Sep 7 11:46 SUPPORT.md
-rw-rw-r-- 1 root root 99 Sep 7 11:46 VERSION.dat
drwxrwxr-x 2 root root 4.0K Sep 7 11:46 VMS
drwxrwxr-x 5 root root 4.0K Sep 7 11:46 apps
-rw-rw-r-- 1 root root 2.0K Sep 7 11:46 appveyor.yml
-rw-rw-r-- 1 root root 3.6K Sep 7 11:46 build.info
-rwxrwxr-x 1 root root 378 Sep 7 11:46 config
-rw-rw-r-- 1 root root 2.5K Sep 7 11:46 config.com
-rw-rw-r-- 1 root root 15K Sep 7 11:46 configdata.pm.in
drwxrwxr-x 69 root root 4.0K Sep 7 11:46 crypto
drwxrwxr-x 13 root root 4.0K Sep 7 11:46 demos
drwxrwxr-x 10 root root 4.0K Sep 7 11:46 doc
-rw-rw-r-- 1 root root 13K Sep 7 11:46 e_os.h
drwxrwxr-x 3 root root 4.0K Sep 7 11:46 engines
drwxrwxr-x 3 root root 4.0K Sep 7 11:46 external
drwxrwxr-x 2 root root 4.0K Sep 7 11:46 fuzz
drwxrwxr-x 5 root root 4.0K Sep 7 11:46 include
drwxrwxr-x 2 root root 4.0K Sep 7 11:46 ms
drwxrwxr-x 2 root root 4.0K Sep 7 11:46 os-dep
drwxrwxr-x 5 root root 4.0K Sep 7 11:46 providers
drwxrwxr-x 4 root root 4.0K Sep 7 11:46 ssl
drwxrwxr-x 11 root root 12K Sep 7 11:46 test
drwxrwxr-x 2 root root 4.0K Sep 7 11:46 tools
drwxrwxr-x 3 root root 4.0K Sep 7 11:46 util
drwxrwxr-x 2 root root 4.0K Sep 7 11:46 wycheproof– Build OpenSSL static library
Through these steps, we will build a static library from the OpenSSL source:
- Configure and compile OpenSSL with commands below:
➜ openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -static zlibNote:
–prefix and –openssldir = Set the output path of the OpenSSL.
static = force to create a static library.
zlib = enable the compression using zlib library.
After command finishing execution you shall get the result bellow:
➜ openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -static zlib
Configuring OpenSSL version 3.0.0 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************Launch the OpenSSL compilation by executing the make command bellow:
➜ openssl-3.0.0 makeThis is the result when compilation finished:
➜ openssl-3.0.0 make
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
...
...
As you can see the static libraries libcrypto.a and libssl.a are well generated.
In order to go fast in compilation, you can try to compile using multicore of your processor using this command bellow:
make -j(number of core)
– Build OpenSSL shared library
Through these steps, we will build a shared library from the OpenSSL source:
- Configure and compile OpenSSL with commands below:
➜ openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlibNote:
–prefix and –openssldir = Set the output path of the OpenSSL.
shared = force to create a shared library.
zlib = enable the compression using zlib library.
After command finishing execution you shall get the result bellow:
➜ openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
Configuring OpenSSL version 3.0.0 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************Launch the OpenSSL compilation by executing the make command bellow:
➜ openssl-3.0.0 makeThis is the result when compilation finished:
➜ openssl-3.0.0 make
...
...
gcc -Iinclude -Iapps/include -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG -MMD -MF test/x509aux-bin-x509aux.d.tmp -MT test/x509aux-bin-x509aux.o -c -o test/x509aux-bin-x509aux.o test/x509aux.c
rm -f test/x509aux
${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \
-o test/x509aux \
test/x509aux-bin-x509aux.o \
test/libtestutil.a -lcrypto -lz -ldl -pthread
rm -f "apps/CA.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" apps/CA.pl.in > "apps/CA.pl"
chmod a+x apps/CA.pl
rm -f "apps/tsget.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" apps/tsget.in > "apps/tsget.pl"
chmod a+x apps/tsget.pl
rm -f "tools/c_rehash"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" tools/c_rehash.in > "tools/c_rehash"
chmod a+x tools/c_rehash
rm -f "util/shlib_wrap.sh"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"
chmod a+x util/shlib_wrap.sh
rm -f "util/wrap.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" util/wrap.pl.in > "util/wrap.pl"
chmod a+x util/wrap.pl
make[1]: Leaving directory '/root/openssl-3.0.0'
As you can see the static libraries libcrypto.so and libssl.so are well generated.
In order to go fast in compilation, you can try to compile using multicore of your processor using this command bellow:
make -j(number of core)
- Launch the installation OpenSSL by executing this command bellow:
➜ openssl-3.0.0 sudo make installAfter finishing the installation you can verify the version as shown bellow:
➜ openssl-3.0.0 /usr/local/ssl/bin/openssl version
OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)Start building and compiling the OpenSSL using the CMake as shown bellow:
#. Use CMake to compile OpenSSL
cmake_minimum_required(VERSION 3.19.3)
### Project Information ###
project( STATIC_Libs
VERSION 0.1.1
LANGUAGES C
DESCRIPTION “Static Libraries”
)
#—————————————————–
# CMake instructions to build the Openssl static lib
#—————————————————–
set(OPENSSL_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/openssl-3.0.0/)
set(OPENSSL_BIN_DIR ${CMAKE_CURRENT_SOURCE_DIR}/Bin/)
add_custom_target( Openssl
DEPENDS libssl.a
)
add_custom_command( OUTPUT libssl.a
WORKING_DIRECTORY ${OPENSSL_SOURCE_DIR}
COMMAND ./config no-shared
COMMAND make
#COMMAND sudo make install
COMMAND cp libssl.a libcrypto.a ${OPENSSL_BIN_DIR}
COMMAND make clean
)➜ ~ ll
total 15M
drwxr-xr-x 2 root root 4.0K Oct 9 13:56 Bin
-rw-r--r-- 1 root root 1017 Oct 9 12:59 CMakeLists.txt
drwxrwxr-x 20 root root 4.0K Oct 8 22:44 openssl-3.0.0
-rwxrwxrwx 1 root root 15M Sep 7 12:00 openssl-3.0.0.tar.gz
➜ ~ cmake .
-- The C compiler identification is GNU 11.1.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /root
➜ ~ ll
total 15M
drwxr-xr-x 2 root root 4.0K Oct 9 13:56 Bin
-rw-r--r-- 1 root root 13K Oct 9 13:03 CMakeCache.txt
drwxr-xr-x 5 root root 4.0K Oct 9 13:03 CMakeFiles
-rw-r--r-- 1 root root 1017 Oct 9 12:59 CMakeLists.txt
-rw-r--r-- 1 root root 4.3K Oct 9 13:03 Makefile
-rw-r--r-- 1 root root 1.6K Oct 9 13:03 cmake_install.cmake
drwxrwxr-x 20 root root 4.0K Oct 8 22:44 openssl-3.0.0
-rwxrwxrwx 1 root root 15M Sep 7 12:00 openssl-3.0.0.tar.gz
➜ ~ cmake --build . --target Openssl
[100%] Generating libssl.a
Configuring OpenSSL version 3.0.0 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************Conclusion
OpenSSL is a robust, complex, and comprehensive network library. Although this article only covers a the compilation and deployment of the library into a linux machine. In an other article, we covered advanced approaches and use cases of this library to generate signed certificate and public keys.
