10

How do I install OpenSSL 1.0.2 version in Debian (Raspberry Pi3) OS. It just installs OpenSSL 1.0.1 automatically. I require version later than this i.e. 1.0.2* which supports DTLS.

Please help how to install latest version

Jyoti Raj Sharma
  • 141
  • 1
  • 2
  • 7
  • I know Debian's jessie-backports includes 1.0.2 - never tried installing it on a pi, but you could try adding deb http://ftp.debian.org/debian jessie-backports main to /etc/apt/sources.list – Jaromanda X May 07 '17 at 01:52
  • My question is how do I upgrade to new openssl version (i.e.latest openssl version 1.0.2* or higher which supports DTLS) ? My current setting in Pi3 is /usr/lib/arm-linux-gnueabihf/openssl-1.0.0. It seems this version does not support DTLS as I am getting 'DTLS_Server_method' not found as below: AttributeError: /usr/lib/arm-linux-gnueabihf/libssl.so.1.0.0: undefined symbol: DTLS_server_method. – Jyoti Raj Sharma May 10 '17 at 17:03
  • Continue..... step 1: I put 'deb http://ftp.debian.org/debian jessie-backports main' inside /etc/apt/source.list step 2: sudo apt-get update step 3: apt-get -t jessie-backports install "package" Question 1: what should be the package name ? I am not able to find. Question 2: After that I tried installing 'sudo apt-get install openssl' but still install openssl.1.0.0 which does not have DTLS method. Question 3: How do I upgrade to new openssl version (i.e.latest openssl version 1.0.2* or higher which supports DTLS) ? – Jyoti Raj Sharma May 10 '17 at 17:14
  • on second thoughts, don't use debian backports, because they'll probably break something anyway – Jaromanda X May 10 '17 at 23:58

2 Answers2

6

If you really need it but can't obtain it from the repos, you could always try compiling from source. Install git and build-essentials (if you don't have it already) and run the following:

git clone git://git.openssl.org/openssl.git --depth 1
cd openssl
./config
make
make test
sudo make install

NOTE: On some distros (e.g. Ubuntu 19.10), you may need to run the config step as ./config --prefix=/usr. This puts the compiled binaries in /usr/bin, not /usr/local/bin.

Itachi
  • 103
  • 3
randomdude999
  • 410
  • 3
  • 12
  • Thanks for your comment.

    Will this method dynamically link to /usr/bin/openssl ? Last time, I installed similarly but after installation, I could not see libssl.1.0.0 when I checked for $ ldd /usr/bin/openssl. Please help to confirm.

     – Jyoti Raj Sharma May 09 '17 at 19:39
  • 1
    It probably puts it in /usr/local/bin/openssl, that is a standard for user-compiled applications. If you really need it in /usr, replace ./config with ./config --prefix=/usr – randomdude999 May 10 '17 at 20:23
  • I want to install inside /usr/lib/arm-linux-gnueabhihf as my Raspberry pi is taking openssl lib from this path. Will the following command work ? $ ./config --prefix=/usr/lib/arm-linux-gnueabihf --openssldir=/usr/lib/arm-linux-gnueabihf – Jyoti Raj Sharma May 11 '17 at 04:00
  • I'm not really sure. The prefix will set the main prefix, setting that to /usr/lib/arm-linux-gnueabihf will create subfolders bin, lib and share inside it. That is probably not what you want. If the distibution openssl puts the libs in /usr/lib/arm-linux-whatever then the self-compiled version will probably also do that. – randomdude999 May 11 '17 at 04:28
  • @randomdude999 you should add a note about the install prefix. Things worked for me when I set the prefix to /usr. – VarunAgrawal Jun 22 '19 at 16:58
1

Debian jessie-backports would contain the required openssl with version 1.0.2. However you should not directly install the package from jessie-backports since it was compiled for ARMv7-A while Raspbian is compiled for ARMv6. Luckily, you can get the source from jessie-backports and build packages with the proper compiler options for Raspbian.

Using the cross compilation toolchain described here you can proceed as follows:

Add jessie-backports sources to your apt sources list:

echo "deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free" | sudo tee /etc/apt/sources.list.d/jessie-backports.list
sudo apt update

Get the openssl source code from jessie-backports:

apt-get source openssl/jessie-backports

Build the openssl Debian packages:

cd openssl-1.0.2k/
export DEB_BUILD_OPTIONS=nocheck; debuild -us -uc -aarmhf

Copy the resulting packages to your Raspberry Pi:

scp libssl1.0.0_1.0.2k-1~bpo8+1_armhf.deb  pi@raspberrypi:
scp openssl_1.0.2k-1~bpo8+1_armhf.deb pi@raspberrypi:

Enter the Raspberry Pi and install the new packages:

ssh pi@raspberrypi
sudo dpkg -i libssl1.0.0_1.0.2k-1~bpo8+1_armhf.deb
sudo dpkg -i openssl_1.0.2k-1~bpo8+1_armhf.deb

Notes:

  • Do not forget to recompile your openssl packages as soon as there are security updates!
  • Installing Debian packages is a lot cleaner than doing a make install.
  • If you do not want to install a cross compilation toolchain, you can also do the above steps directly on a Raspberry Pi. On the Pi 3 Model B the compilation takes about 35 minutes.
Matthias Lüscher
  • 156
  • 1
  • 5
  • I will try with this method. Thanks for your comment. – Jyoti Raj Sharma May 15 '17 at 18:06
  • Is it safe to use debian backport? The first post suggests not to use backport as it might break something. Please suggest. – Jyoti Raj Sharma Jul 30 '17 at 05:51
  • You should definitely not take binaries from jessie-backports as they are compiled for a slightly different CPU. However, you can take the source code from jessie-backports and compile it for the Raspbian CPU. This is what is being described above - and from my point of view this should be ok. – Matthias Lüscher Jul 31 '17 at 21:03