General Libraries

Libraries contain code which is often required by more than one program. This has the advantage that each program doesn't need to duplicate code (and risk introducing bugs), it just has to call functions from the libraries installed on the system. The most obvious example of a set of libraries is glibc which is installed during the LFS book. This contains all of the C library functions which programs use.

There are two types of libraries: static and shared. Shared libraries (usually libXXX.so) are loaded into memory from the shared copy at runtime (hence the name). Static libraries (libXXX.a ) are actually linked into the program executable file itself, thus making the program file larger. Quite often, you will find both static and shared copies of the same library on your system.

Generally, you only need to install libraries when you are installing software that needs the functionality they supply. In the BLFS book, each package is presented with a list of (known) dependencies. Thus, you can figure out which libraries you need to have before installing that program. If you are installing something without using BLFS instructions, usually the README or INSTALL file will contain details of the program's requirements.

There are certain libraries which nearly everyone will need at some point. In this chapter we list these and some others and explain why you may want to install them.

OpenSSL-0.9.7d

Introduction to OpenSSL

The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptography functions to other packages, notably OpenSSH and web browsers (for accessing secure https sites).

Package information

Installation of OpenSSL

Install OpenSSL by running the following commands:

sed 's/^passwd/openssl-passwd/' doc/apps/passwd.pod \
    > doc/apps/openssl-passwd.pod &&
rm doc/apps/passwd.pod &&
mv doc/crypto/{,openssl_}threads.pod &&
sed -i -e 's/-m486/-march=i486/' Configure &&
./config --openssldir=/etc/ssl --prefix=/usr shared &&
make MANDIR=/usr/share/man &&
make MANDIR=/usr/share/man install &&
cp -r certs /etc/ssl &&
rmdir /etc/ssl/lib

Command explanations

no-rc5 no-idea: When added to the ./config command, this will eliminate the building of those encryption methods. Patent licenses may be needed for you to utilize either of those methods in your projects.

rm doc/apps/passwd.pod: This command prevents OpenSSL from installing its passwd man page over an existing man page with the same name.

mv doc/crypto/{,openssl_}threads.pod: This commands prevents OpenSSL from overwriting an existing man page from Perl.

sed -i -e 's/-m486/-march=i486/' Configure: GCC issues a warning on every compilation because the Configure command uses deprecated -m486 instead of -march=i486.

make MANDIR=/usr/share/man
make MANDIR=/usr/share/man install

These commands install OpenSSL with the man pages in /usr/share/man instead of the default which is /etc/ssl/man.

cp -r certs /etc/ssl: The certificates must be copied manually since the install script skips this step.

rmdir /etc/ssl/lib: This is simply a tidy-up command. For some reason, the openssl install routine creates the /etc/ssl/lib directory even though the libraries have been installed in /usr/lib. We remove it to keep things nice and tidy!

Configuring OpenSSL

Config files

/etc/ssl/openssl.cnf

Configuration Information

Most people who just want to use openssl for providing functions to other programs such as OpenSSH and web browsers won't need to worry about configuring OpenSSL. Configuring OpenSSL is an advanced topic and so those who do would normally be expected to either know how to do it or to be able to find out how to do it.

Contents

The OpenSSL package contains c_rehash, openssl, libcrypto libraries and libssl libraries.

Description

c_rehash

c_rehash is a Perl script that scans all files in a directory and adds symbolic links to their hash values.

openssl

The openssl program is a command-line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for various functions which are documented in man 1 openssl.

libcrypto

The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement OpenSSH, OpenPGP , and other cryptographic standards.

libssl

The OpenSSL SSL library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API, documentation on which can be found by running man 3 ssl.