How to compile and install newest version of openssl in Ubuntu 14.04 LTS 64-bit via github

Posted: 2015/01/10 in Security, Ubuntu
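# Compile and install the newest version of openssl in Ubuntu 14.04 LTS
cd
# Install the build tools and the build dependencies of the Ubuntu openssl package
# (note: --force-yes also lets apt continue without prompting on unauthenticated packages)
sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get --yes --force-yes install checkinstall build-essential
sudo DEBIAN_FRONTEND=noninteractive apt-get --yes --force-yes build-dep openssl
# Start from a clean checkout of the default branch (development code, not a tagged release)
sudo rm -rf ~/openssl
git clone https://github.com/openssl/openssl.git
cd openssl
# Configure, build and run the test suite
sudo ./config
sudo make
sudo make test
# Build a .deb package from the install step and install it, so dpkg tracks the files
sudo checkinstall
sudo rm -rf ~/openssl
# Move the distribution binaries aside and point /usr/bin at the newly built ones
sudo mv /usr/bin/c_rehash /usr/bin/c_rehashBACKUP
sudo mv /usr/bin/openssl /usr/bin/opensslBACKUP
sudo ln -s /usr/local/bin/c_rehash /usr/bin/c_rehash
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
# Verify: show the version now found on the PATH and the package records apt knows about
openssl version
apt-cache show openssl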
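
A way to check the state this procedure is meant to leave behind, as an added example that is not part of the original post: it reports which `apt-cache show` stanza is marked installed and whether `/usr/bin/openssl` and `/usr/bin/c_rehash` are symlinks to the `/usr/local/bin` copies. The function names `installed_versions` and `link_state` and the sample stanzas are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): post-install checks.

# installed_versions: read `apt-cache show openssl`-style stanzas on stdin and
# print "VERSION SOURCE" for each stanza carrying "Status: install ok installed".
installed_versions() {
  awk '
    function emit() {
      if (status == "install ok installed")
        print version, (body ~ /created with checkinstall/ ? "checkinstall" : "other")
      status = ""; version = ""; body = ""
    }
    /^[ \t]*$/   { emit(); next }            # a blank line ends a stanza
    /^Status: /  { status = substr($0, 9) }
    /^Version: / { version = substr($0, 10) }
    { body = body "\n" $0 }
    END { emit() }
  '
}

# link_state PATH TARGET: classify PATH against the symlink the procedure
# is meant to leave behind (PATH -> TARGET).
link_state() {
  if [ ! -e "$1" ] && [ ! -L "$1" ]; then echo missing
  elif [ ! -L "$1" ]; then echo regular-file     # not replaced by a symlink
  elif [ ! -e "$1" ]; then echo dangling         # symlink whose target is gone
  elif [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]; then echo ok
  else echo wrong-target
  fi
}

# Constructed sample, trimmed to the fields the check reads.
SAMPLE='Package: openssl
Status: install ok installed
Version: 1.1.0-1
Description: Secure Sockets Layer and cryptography libraries and tools
 Package created with checkinstall 1.6.2

Package: openssl
Version: 1.0.1f-1ubuntu2.15
Description-en: Secure Sockets Layer toolkit'

printf '%s\n' "$SAMPLE" | installed_versions
for bin in openssl c_rehash; do
  printf '%s: %s\n' "/usr/bin/$bin" "$(link_state "/usr/bin/$bin" "/usr/local/bin/$bin")"
done
```

On a live system, pipe `apt-cache show openssl` into `installed_versions` instead of the sample; any `link_state` result other than `ok` means `/usr/bin` is not pointing at the new build.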
Comments
  1. Dave says:

    Hello Mark, thanks for this post.
    I followed your procedure, however, if the command ‘openssl version’ returns the newly built version, the command ‘apt-cache show openssl’ still returns the pre-packaged Ubuntu 14.04 version (1.0.1f). Is this normal, or is there a way to force the use of the new bins?

  2. mark911 says:

    This is normal. The output of the

    apt-cache show openssl

    should be similar to the output below. So it should show several packages, including the newly built Version: 1.1.0-1

    Notice that only ONE of the packages in the list below (Version: 1.1.0-1 ) has the status “Status: install ok installed” and the description “Package created with checkinstall 1.6.2”

    There are enough indications in the output below that the package was built and installed.

    The other packages in the Terminal output are available in the repositories, but NOT installed.

    Package: openssl
    Status: install ok installed
    Priority: extra
    Section: System Environment/Libraries
    Installed-Size: 17424
    Maintainer: root
    Architecture: amd64
    Version: 1.1.0-1
    Provides: ssl
    Depends: openssl
    Conffiles:
    /etc/ssl/openssl.cnf 7df26c55291b33344dc15e3935dabaf3 obsolete
    Description: Secure Sockets Layer and cryptography libraries and tools
    Package created with checkinstall 1.6.2
    Description-md5: 523d3c3c3cf8217418bf2636ed7d880b

    Package: openssl
    Priority: standard
    Section: utils
    Installed-Size: 907
    Maintainer: Ubuntu Developers
    Original-Maintainer: Debian OpenSSL Team
    Architecture: amd64
    Version: 1.0.1f-1ubuntu2.15
    Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1)
    Suggests: ca-certificates
    Filename: pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.15_amd64.deb
    Size: 488948
    MD5sum: 17fbe55e55f2d8743d52349d3857d7a7
    SHA1: 269c50f179d402ad6a09f68ff6c4f7a01999437c
    SHA256: f8fffd241b79ccacf2055a45191616186b740e139b6728dfb52d48104fd84ae5
    Description-en: Secure Sockets Layer toolkit – cryptographic utility
    This package is part of the OpenSSL project’s implementation of the SSL
    and TLS cryptographic protocols for secure communication over the
    Internet.
    .
    It contains the general-purpose command line binary /usr/bin/openssl,
    useful for cryptographic operations such as:
    * creating RSA, DH, and DSA key parameters;
    * creating X.509 certificates, CSRs, and CRLs;
    * calculating message digests;
    * encrypting and decrypting with ciphers;
    * testing SSL/TLS clients and servers;
    * handling S/MIME signed or encrypted mail.
    Description-md5: 9b6de2bb6e1d9016aeb0f00bcf6617bd
    Bugs: https://bugs.launchpad.net/ubuntu/+filebug
    Origin: Ubuntu
    Supported: 5y
    Task: standard, kubuntu-active, kubuntu-active, mythbuntu-frontend, mythbuntu-frontend, mythbuntu-desktop, mythbuntu-backend-slave, mythbuntu-backend-slave, mythbuntu-backend-master, mythbuntu-backend-master

    Package: openssl
    Priority: standard
    Section: utils
    Installed-Size: 906
    Maintainer: Ubuntu Developers
    Original-Maintainer: Debian OpenSSL Team
    Architecture: amd64
    Version: 1.0.1f-1ubuntu2.12
    Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1)
    Suggests: ca-certificates
    Filename: pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.12_amd64.deb
    Size: 488386
    MD5sum: 72add19c7f598529af9cd61720d0a54c
    SHA1: e41fc41225ce167402c8ef434133ec55d43df898
    SHA256: 508619c3fd0e18e73ba31b67423ba79c07fc55d3250cd9bc5799bf70a08703e4
    Description-en: Secure Sockets Layer toolkit – cryptographic utility
    This package is part of the OpenSSL project’s implementation of the SSL
    and TLS cryptographic protocols for secure communication over the
    Internet.
    .
    It contains the general-purpose command line binary /usr/bin/openssl,
    useful for cryptographic operations such as:
    * creating RSA, DH, and DSA key parameters;
    * creating X.509 certificates, CSRs, and CRLs;
    * calculating message digests;
    * encrypting and decrypting with ciphers;
    * testing SSL/TLS clients and servers;
    * handling S/MIME signed or encrypted mail.
    Description-md5: 9b6de2bb6e1d9016aeb0f00bcf6617bd
    Bugs: https://bugs.launchpad.net/ubuntu/+filebug
    Origin: Ubuntu
    Supported: 5y
    Task: standard, kubuntu-active, kubuntu-active, mythbuntu-frontend, mythbuntu-frontend, mythbuntu-desktop, mythbuntu-backend-slave, mythbuntu-backend-slave, mythbuntu-backend-master, mythbuntu-backend-master

    Package: openssl
    Priority: standard
    Section: utils
    Installed-Size: 906
    Maintainer: Ubuntu Developers
    Original-Maintainer: Debian OpenSSL Team
    Architecture: amd64
    Version: 1.0.1f-1ubuntu2
    Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1)
    Suggests: ca-certificates
    Filename: pool/main/o/openssl/openssl_1.0.1f-1ubuntu2_amd64.deb
    Size: 488794
    MD5sum: 1b5db436c766395ad3294a77b6e55eeb
    SHA1: 9c520d33edb1f4a438ad77cbc69f7eac2844a019
    SHA256: 648eaa5aa2a5cf4a66b55ff25a05c3bcb4433a984a1bf99e2830fb055fa40b6e
    Description-en: Secure Sockets Layer toolkit – cryptographic utility
    This package is part of the OpenSSL project’s implementation of the SSL
    and TLS cryptographic protocols for secure communication over the
    Internet.
    .
    It contains the general-purpose command line binary /usr/bin/openssl,
    useful for cryptographic operations such as:
    * creating RSA, DH, and DSA key parameters;
    * creating X.509 certificates, CSRs, and CRLs;
    * calculating message digests;
    * encrypting and decrypting with ciphers;
    * testing SSL/TLS clients and servers;
    * handling S/MIME signed or encrypted mail.
    Description-md5: 9b6de2bb6e1d9016aeb0f00bcf6617bd
    Bugs: https://bugs.launchpad.net/ubuntu/+filebug
    Origin: Ubuntu
    Supported: 5y
    Task: standard, kubuntu-active, kubuntu-active, mythbuntu-frontend, mythbuntu-frontend, mythbuntu-desktop, mythbuntu-backend-slave, mythbuntu-backend-slave, mythbuntu-backend-master, mythbuntu-backend-master

  3. Albert says:

    My symbolic link wasn’t working anymore, needed
    sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
    Otherwise it’s working very well, thanks!

  4. Loleitors says:

    Tried to do this with Ubuntu 15.04, but in the lines:

    sudo mv /usr/bin/c_rehash /usr/bin/c_rehashBACKUP
    sudo mv /usr/bin/openssl /usr/bin/opensslBACKUP

    An error appeared, not allowing me to continue. I did this instead:

    sudo mv /usr/local/bin/c_rehash /usr/local/bin/c_rehashBACKUP
    sudo mv /usr/local/bin/openssl /usr/local/bin/opensslBACKUP

    and then continued with the other steps, but when I tried “openssl version” this appeared:

    The program ‘openssl’ is currently not installed. You can install it by typing:
    apt-get install openssl

    I tried then “opensslBACKUP version” and it worked. What can I do? Thank you.

  5. mark911 says:

    @Loleitors: if you simply follow the original procedure and ignore the errors, it should work fine. The command sudo mv /usr/bin/openssl /usr/bin/opensslBACKUP is just to ensure that the official openssl package contents do not interfere with the newly compiled version of openssl. There is no need to start changing commands, as it only breaks the procedure….
    Furthermore, please read this: https://wiki.ubuntu.com/Releases

    Ubuntu 15.04 is end-of-life and not supported anymore since February, 2016. I suggest installing Ubuntu 16.04.1 which is supported until the year 2021. Then rerun the ORIGINAL procedure in Ubuntu 16.04.1

  6. Julian Fletcher says:

    General Question
    Is it possible to compile and overwrite the original openssl within Ubuntu?
    With a number of openssl updates addressing security issues being released – it would be great to use the latest version rather than a much older version that comes with the distribution…

    Or is it the case that the original version that comes with a distribution is too deeply embedded (linked to?) that it can’t be updated… And so a later version has to sit in parallel… (and custom apps linked to it specifically)

    Thanks

    Julian

    • mark911 says:

      @Julian Fletcher : I thought my procedure already takes care of all that, especially because I use checkinstall to create a new Ubuntu package.
      Here is my Terminal output after following this installation procedure:

      > openssl version
      OpenSSL 1.1.1-dev xx XXX xxxx

      > apt-cache policy openssl
      openssl:
      Installed: 20170109-1
      Candidate: 20170109-1
      Version table:
      *** 20170109-1 100
      100 /var/lib/dpkg/status
      1.0.2g-1ubuntu4.5 500
      500 http://be.archive.ubuntu.com/ubuntu xenial-security/main amd64 Packages
      500 http://be.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
      1.0.2g-1ubuntu4 500
      500 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

      So I do not see the problem…. Furthermore, this procedure works in Ubuntu 16.04.1 as well.
