Checking the installed OpenSSL
Checking the version of Raspbian Jessie installed.
pi@raspberrypi:~ $ uname -a
pi@raspberrypi:~ $ uname -a Linux raspberrypi 4.9.35+ #1014 Fri Jun 30 14:34:49 BST 2017 armv6l GNU/Linux
To check the OpenSSL version that is being used by the system.
pi@raspberrypi:~ $ apt-cache policy openssl
pi@raspberrypi:~ $ apt-cache policy openssl openssl: Installed: 1.0.1t-1+deb8u6 Candidate: 1.0.1t-1+deb8u6 Version table: *** 1.0.1t-1+deb8u6 0 500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages 100 /var/lib/dpkg/status
To find the location where openssl is located.
pi@raspberrypi:~ $ whereis openssl
pi@raspberrypi:~ $ whereis openssl openssl: /usr/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
pi@raspberrypi:~ $ /usr/bin/openssl version
pi@raspberrypi:~ $ /usr/bin/openssl version OpenSSL 1.0.1t 3 May 2016
Important note on SSL security vulnerability
On Monday, April 7th 2014, an OpenSSL vulnerability was disclosed which has been called one of the worst security holes in recent internet history. The bug, called the Heartbleed bug, was introduced in OpenSSL version 1.0.1. It has been in the wild since March of 2012 and is patched with OpenSSL version 1.0.1g released on April 7th 2014. The problem, tagged CVE-2014-0160, is described in detail here.
The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised. Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions.
Reference:
How to Protect Your Server Against the Heartbleed OpenSSL Vulnerability
https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
Get the source of OpenSSL
Note, this is step is required for building mosquitto auth plugin..
pi@raspberrypi:~ $ wget http://www.openssl.org/source/openssl-1.0.1t.tar.gz
pi@raspberrypi:~ $ cd openssl-1.0.1t
pi@raspberrypi:~/openssl-1.0.1t $ make depend
pi@raspberrypi:~/openssl-1.0.1t $ /usr/local/openssl/bin/openssl version OpenSSL 1.0.1t 3 May 2016
The version is the same as that comes pre-installed with the Raspbian Jessie Lite system.
Upgrade OpenSSL to the latest distribution packages
Long Term Support (LTS) - Which version to install?
From openssl.org (https://www.openssl.org/source/)
The latest stable version is the 1.1.0 series. The 1.0.2 series is our Long Term Support (LTS) release, supported until 31st December 2019. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should not be used.
Upgrade to the LTS version
--------------------------------------------------------------------------------------------------------------------------
3rd Attempt - not working!!
Reference: http://home.bmensinkbits.nl/raspberry-pi-update-openssl/
Add the following two lines into /etc/apt/sources.list using the below command.
pi@raspberrypi:~ $ sudo nano /etc/apt/sources.list
deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
deb http://archive.raspbian.org/raspbian jessie main contrib non-free rpiNote,
Below is the content of my "/etc/apt/sources.list".
Since "deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi" is already in place, I will only add "deb http://archive.raspbian.org/raspbian jessie main contrib non-free rpi" to the file.
deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi # Uncomment line below then 'apt-get update' to enable 'apt-get source' #deb-src http://archive.raspbian.org/raspbian/ jessie main contrib non-free rpi
Below is the content of "/etc/apt/sources.list" after the addition.
deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi deb http://archive.raspbian.org/raspbian jessie main contrib non-free rpi # Uncomment line below then 'apt-get update' to enable 'apt-get source' #deb-src http://archive.raspbian.org/raspbian/ jessie main contrib non-free rpi
Edit the file "/etc/apt/preferences" (create the file if doesn’t exist) to tell apt in which repositories it should look to do an update. We put jessie on a high priority so that when you use apt-get update it will use the repo for jessie and ignore the repo.
pi@raspberrypi:~ $ sudo nano /etc/apt/preferences
Below is the content of "/etc/apt/preferences" after the modification.
Package: * Pin: release n=jessie Pin-Priority: 900
Now, at your free will you can tell apt to use jessie instead.
pi@raspberrypi:~ $ sudo apt-get update
pi@raspberrypi:~ $ sudo apt-get -t jessie install openssl libssl1.0.2 openssh-client openssh-server ssh
Check the openssl version.
pi@raspberrypi:~ $ openssl version
pi@raspberrypi:~ $ openssl version OpenSSL 1.0.1t 3 May 2016
It's still the same 1.0.1t version.
--------------------------------------------------------------------------------------------------------------------------
2nd Attempt - not working!!
Reference: https://stackoverflow.com/a/3153183/7755584
pi@raspberrypi:~ $ wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
pi@raspberrypi:~ $ wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz --2017-08-27 07:15:54-- https://www.openssl.org/source/openssl-1.0.2l.tar.gz Resolving www.openssl.org (www.openssl.org)... 104.116.13.79, 2600:1417:1b:184::c1e, 2600:1417:1b:192::c1e Connecting to www.openssl.org (www.openssl.org)|104.116.13.79|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 5365054 (5.1M) [application/x-gzip] Saving to: ‘openssl-1.0.2l.tar.gz’ openssl-1.0.2l.tar.gz 100%[===============================================>] 5.12M 1.30MB/s in 4.1s 2017-08-27 07:15:59 (1.25 MB/s) - ‘openssl-1.0.2l.tar.gz’ saved [5365054/5365054]
pi@raspberrypi:~ $ tar -xvzf openssl-1.0.2l.tar.gz
pi@raspberrypi:~ $ cd openssl-1.0.2l
pi@raspberrypi:~/openssl-1.0.2l $ ./config Operating system: armv6l-whatever-linux2 Configuring for linux-armv4 Configuring for linux-armv4 no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir) no-gmp [default] OPENSSL_NO_GMP (skip dir) no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir) no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir) no-md2 [default] OPENSSL_NO_MD2 (skip dir) no-rc5 [default] OPENSSL_NO_RC5 (skip dir) no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir) no-sctp [default] OPENSSL_NO_SCTP (skip dir) no-shared [default] no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir) no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir) no-store [experimental] OPENSSL_NO_STORE (skip dir) no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir) no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir) no-zlib [default] no-zlib-dynamic [default] IsMK1MF=0 CC =gcc CFLAG =-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM EX_LIBS =-ldl CPUID_OBJ =armcap.o armv4cpuid.o BN_ASM =bn_asm.o armv4-mont.o armv4-gf2m.o EC_ASM = DES_ENC =des_enc.o fcrypt_b.o AES_ENC =aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o BF_ENC =bf_enc.o CAST_ENC =c_enc.o RC4_ENC =rc4_enc.o rc4_skey.o RC5_ENC =rc5_enc.o MD5_OBJ_ASM = SHA1_OBJ_ASM =sha1-armv4-large.o sha256-armv4.o sha512-armv4.o RMD160_OBJ_ASM= CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o MODES_OBJ =ghash-armv4.o ghashv8-armx.o ENGINES_OBJ = PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl THIRTY_TWO_BIT mode DES_UNROLL used DES_INT used BN_LLONG mode RC4 uses uchar RC4_CHUNK is unsigned long BF_PTR used created directory `include/openssl' e_os2.h => include/openssl/e_os2.h making links in crypto... make[1]: Entering directory '/home/pi/openssl-1.0.2l/crypto' crypto.h => ../include/openssl/crypto.h opensslv.h => ../include/openssl/opensslv.h opensslconf.h => ../include/openssl/opensslconf.h ebcdic.h => ../include/openssl/ebcdic.h symhacks.h => ../include/openssl/symhacks.h ossl_typ.h => ../include/openssl/ossl_typ.h constant_time_test.c => ../test/constant_time_test.c making links in crypto/objects... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/objects' objects.h => ../../include/openssl/objects.h obj_mac.h => ../../include/openssl/obj_mac.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/objects' making links in crypto/md4... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/md4' md4.h => ../../include/openssl/md4.h md4test.c => ../../test/md4test.c md4.c => ../../apps/md4.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/md4' making links in crypto/md5... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/md5' md5.h => ../../include/openssl/md5.h md5test.c => ../../test/md5test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/md5' making links in crypto/sha... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/sha' sha.h => ../../include/openssl/sha.h shatest.c => ../../test/shatest.c sha1test.c => ../../test/sha1test.c sha256t.c => ../../test/sha256t.c sha512t.c => ../../test/sha512t.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/sha' making links in crypto/mdc2... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/mdc2' mdc2.h => ../../include/openssl/mdc2.h mdc2test.c => ../../test/mdc2test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/mdc2' making links in crypto/hmac... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/hmac' hmac.h => ../../include/openssl/hmac.h hmactest.c => ../../test/hmactest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/hmac' making links in crypto/ripemd... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ripemd' ripemd.h => ../../include/openssl/ripemd.h rmdtest.c => ../../test/rmdtest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ripemd' making links in crypto/whrlpool... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/whrlpool' whrlpool.h => ../../include/openssl/whrlpool.h wp_test.c => ../../test/wp_test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/whrlpool' making links in crypto/des... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/des' des.h => ../../include/openssl/des.h des_old.h => ../../include/openssl/des_old.h destest.c => ../../test/destest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/des' making links in crypto/aes... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/aes' aes.h => ../../include/openssl/aes.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/aes' making links in crypto/rc2... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rc2' rc2.h => ../../include/openssl/rc2.h rc2test.c => ../../test/rc2test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rc2' making links in crypto/rc4... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rc4' rc4.h => ../../include/openssl/rc4.h rc4test.c => ../../test/rc4test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rc4' making links in crypto/idea... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/idea' idea.h => ../../include/openssl/idea.h ideatest.c => ../../test/ideatest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/idea' making links in crypto/bf... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/bf' blowfish.h => ../../include/openssl/blowfish.h bftest.c => ../../test/bftest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/bf' making links in crypto/cast... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/cast' cast.h => ../../include/openssl/cast.h casttest.c => ../../test/casttest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/cast' making links in crypto/camellia... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/camellia' camellia.h => ../../include/openssl/camellia.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/camellia' making links in crypto/seed... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/seed' seed.h => ../../include/openssl/seed.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/seed' making links in crypto/modes... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/modes' modes.h => ../../include/openssl/modes.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/modes' making links in crypto/bn... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/bn' bn.h => ../../include/openssl/bn.h bntest.c => ../../test/bntest.c exptest.c => ../../test/exptest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/bn' making links in crypto/ec... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ec' ec.h => ../../include/openssl/ec.h ectest.c => ../../test/ectest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ec' making links in crypto/rsa... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rsa' rsa.h => ../../include/openssl/rsa.h rsa_test.c => ../../test/rsa_test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rsa' making links in crypto/dsa... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/dsa' dsa.h => ../../include/openssl/dsa.h dsatest.c => ../../test/dsatest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/dsa' making links in crypto/ecdsa... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ecdsa' ecdsa.h => ../../include/openssl/ecdsa.h ecdsatest.c => ../../test/ecdsatest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ecdsa' making links in crypto/dh... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/dh' dh.h => ../../include/openssl/dh.h dhtest.c => ../../test/dhtest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/dh' making links in crypto/ecdh... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ecdh' ecdh.h => ../../include/openssl/ecdh.h ecdhtest.c => ../../test/ecdhtest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ecdh' making links in crypto/dso... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/dso' dso.h => ../../include/openssl/dso.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/dso' making links in crypto/engine... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/engine' engine.h => ../../include/openssl/engine.h enginetest.c => ../../test/enginetest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/engine' making links in crypto/buffer... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/buffer' buffer.h => ../../include/openssl/buffer.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/buffer' making links in crypto/bio... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/bio' bio.h => ../../include/openssl/bio.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/bio' making links in crypto/stack... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/stack' stack.h => ../../include/openssl/stack.h safestack.h => ../../include/openssl/safestack.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/stack' making links in crypto/lhash... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/lhash' lhash.h => ../../include/openssl/lhash.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/lhash' making links in crypto/rand... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rand' rand.h => ../../include/openssl/rand.h randtest.c => ../../test/randtest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rand' making links in crypto/err... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/err' err.h => ../../include/openssl/err.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/err' making links in crypto/evp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/evp' evp.h => ../../include/openssl/evp.h evp_test.c => ../../test/evp_test.c evp_extra_test.c => ../../test/evp_extra_test.c evptests.txt -> ../../test/evptests.txt make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/evp' making links in crypto/asn1... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/asn1' asn1.h => ../../include/openssl/asn1.h asn1_mac.h => ../../include/openssl/asn1_mac.h asn1t.h => ../../include/openssl/asn1t.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/asn1' making links in crypto/pem... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pem' pem.h => ../../include/openssl/pem.h pem2.h => ../../include/openssl/pem2.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pem' making links in crypto/x509... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/x509' x509.h => ../../include/openssl/x509.h x509_vfy.h => ../../include/openssl/x509_vfy.h verify_extra_test.c => ../../test/verify_extra_test.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/x509' making links in crypto/x509v3... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/x509v3' x509v3.h => ../../include/openssl/x509v3.h v3nametest.c => ../../test/v3nametest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/x509v3' making links in crypto/conf... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/conf' conf.h => ../../include/openssl/conf.h conf_api.h => ../../include/openssl/conf_api.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/conf' making links in crypto/txt_db... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/txt_db' txt_db.h => ../../include/openssl/txt_db.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/txt_db' making links in crypto/pkcs7... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pkcs7' pkcs7.h => ../../include/openssl/pkcs7.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pkcs7' making links in crypto/pkcs12... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pkcs12' pkcs12.h => ../../include/openssl/pkcs12.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pkcs12' making links in crypto/comp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/comp' comp.h => ../../include/openssl/comp.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/comp' making links in crypto/ocsp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ocsp' ocsp.h => ../../include/openssl/ocsp.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ocsp' making links in crypto/ui... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ui' ui.h => ../../include/openssl/ui.h ui_compat.h => ../../include/openssl/ui_compat.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ui' making links in crypto/krb5... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/krb5' krb5_asn.h => ../../include/openssl/krb5_asn.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/krb5' making links in crypto/cms... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/cms' cms.h => ../../include/openssl/cms.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/cms' making links in crypto/pqueue... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pqueue' pqueue.h => ../../include/openssl/pqueue.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pqueue' making links in crypto/ts... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ts' ts.h => ../../include/openssl/ts.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ts' making links in crypto/srp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/srp' srp.h => ../../include/openssl/srp.h srptest.c => ../../test/srptest.c make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/srp' making links in crypto/cmac... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/cmac' cmac.h => ../../include/openssl/cmac.h make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/cmac' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/crypto' making links in ssl... make[1]: Entering directory '/home/pi/openssl-1.0.2l/ssl' ssl.h => ../include/openssl/ssl.h ssl2.h => ../include/openssl/ssl2.h ssl3.h => ../include/openssl/ssl3.h ssl23.h => ../include/openssl/ssl23.h tls1.h => ../include/openssl/tls1.h dtls1.h => ../include/openssl/dtls1.h kssl.h => ../include/openssl/kssl.h srtp.h => ../include/openssl/srtp.h ssltest.c => ../test/ssltest.c heartbeat_test.c => ../test/heartbeat_test.c clienthellotest.c => ../test/clienthellotest.c sslv2conftest.c => ../test/sslv2conftest.c dtlstest.c => ../test/dtlstest.c bad_dtls_test.c => ../test/bad_dtls_test.c make[1]: Leaving directory '/home/pi/openssl-1.0.2l/ssl' making links in engines... make[1]: Entering directory '/home/pi/openssl-1.0.2l/engines' making links in engines/ccgost... make[2]: Entering directory '/home/pi/openssl-1.0.2l/engines/ccgost' make[2]: Nothing to be done for 'links'. make[2]: Leaving directory '/home/pi/openssl-1.0.2l/engines/ccgost' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/engines' making links in apps... make[1]: Entering directory '/home/pi/openssl-1.0.2l/apps' make[1]: Nothing to be done for 'links'. make[1]: Leaving directory '/home/pi/openssl-1.0.2l/apps' making links in test... make[1]: Entering directory '/home/pi/openssl-1.0.2l/test' make[1]: Nothing to be done for 'links'. make[1]: Leaving directory '/home/pi/openssl-1.0.2l/test' making links in tools... make[1]: Entering directory '/home/pi/openssl-1.0.2l/tools' make[1]: Nothing to be done for 'links'. make[1]: Leaving directory '/home/pi/openssl-1.0.2l/tools' generating dummy tests (if needed)... make[1]: Entering directory '/home/pi/openssl-1.0.2l/test' md2test.c => dummytest.c rc5test.c => dummytest.c jpaketest.c => dummytest.c make[1]: Leaving directory '/home/pi/openssl-1.0.2l/test' Configured for linux-armv4.
Compile and install the packages. It will take about an hour to complete.
pi@raspberrypi:~/openssl-1.0.2l $ sudo make install
Below are the last few lines of output from running the above command.
make[2]: Leaving directory '/home/pi/openssl-1.0.2l/engines/ccgost' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/engines' making install in apps... make[1]: Entering directory '/home/pi/openssl-1.0.2l/apps' installing openssl installing CA.sh installing CA.pl installing tsget make[1]: Leaving directory '/home/pi/openssl-1.0.2l/apps' making install in test... make[1]: Entering directory '/home/pi/openssl-1.0.2l/test' make[1]: Nothing to be done for 'install'. make[1]: Leaving directory '/home/pi/openssl-1.0.2l/test' making install in tools... make[1]: Entering directory '/home/pi/openssl-1.0.2l/tools' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/tools' installing libcrypto.a installing libssl.a cp libcrypto.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc cp libssl.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc cp openssl.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
pi@raspberrypi:~/openssl-1.0.2l $ sudo make install_sw
pi@raspberrypi:~/openssl-1.0.2l $ sudo make install_sw making install in crypto... make[1]: Entering directory '/home/pi/openssl-1.0.2l/crypto' making install in crypto/objects... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/objects' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/objects' making install in crypto/md4... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/md4' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/md4' making install in crypto/md5... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/md5' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/md5' making install in crypto/sha... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/sha' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/sha' making install in crypto/mdc2... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/mdc2' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/mdc2' making install in crypto/hmac... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/hmac' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/hmac' making install in crypto/ripemd... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ripemd' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ripemd' making install in crypto/whrlpool... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/whrlpool' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/whrlpool' making install in crypto/des... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/des' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/des' making install in crypto/aes... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/aes' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/aes' making install in crypto/rc2... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rc2' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rc2' making install in crypto/rc4... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rc4' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rc4' making install in crypto/idea... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/idea' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/idea' making install in crypto/bf... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/bf' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/bf' making install in crypto/cast... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/cast' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/cast' making install in crypto/camellia... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/camellia' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/camellia' making install in crypto/seed... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/seed' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/seed' making install in crypto/modes... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/modes' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/modes' making install in crypto/bn... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/bn' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/bn' making install in crypto/ec... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ec' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ec' making install in crypto/rsa... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rsa' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rsa' making install in crypto/dsa... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/dsa' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/dsa' making install in crypto/ecdsa... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ecdsa' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ecdsa' making install in crypto/dh... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/dh' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/dh' making install in crypto/ecdh... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ecdh' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ecdh' making install in crypto/dso... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/dso' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/dso' making install in crypto/engine... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/engine' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/engine' making install in crypto/buffer... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/buffer' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/buffer' making install in crypto/bio... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/bio' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/bio' making install in crypto/stack... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/stack' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/stack' making install in crypto/lhash... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/lhash' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/lhash' making install in crypto/rand... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/rand' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/rand' making install in crypto/err... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/err' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/err' making install in crypto/evp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/evp' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/evp' making install in crypto/asn1... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/asn1' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/asn1' making install in crypto/pem... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pem' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pem' making install in crypto/x509... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/x509' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/x509' making install in crypto/x509v3... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/x509v3' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/x509v3' making install in crypto/conf... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/conf' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/conf' making install in crypto/txt_db... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/txt_db' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/txt_db' making install in crypto/pkcs7... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pkcs7' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pkcs7' making install in crypto/pkcs12... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pkcs12' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pkcs12' making install in crypto/comp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/comp' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/comp' making install in crypto/ocsp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ocsp' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ocsp' making install in crypto/ui... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ui' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ui' making install in crypto/krb5... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/krb5' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/krb5' making install in crypto/cms... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/cms' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/cms' making install in crypto/pqueue... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/pqueue' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/pqueue' making install in crypto/ts... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/ts' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/ts' making install in crypto/srp... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/srp' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/srp' making install in crypto/cmac... make[2]: Entering directory '/home/pi/openssl-1.0.2l/crypto/cmac' make[2]: Leaving directory '/home/pi/openssl-1.0.2l/crypto/cmac' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/crypto' making install in ssl... make[1]: Entering directory '/home/pi/openssl-1.0.2l/ssl' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/ssl' making install in engines... make[1]: Entering directory '/home/pi/openssl-1.0.2l/engines' making install in engines/ccgost... make[2]: Entering directory '/home/pi/openssl-1.0.2l/engines/ccgost' [ -n "/usr/local/ssl" ] # should be set by top Makefile... if [ -n "" ]; then \ set -e; \ echo installing gost; \ pfx=lib; \ if expr "linux-armv4" : "Cygwin" >/dev/null; then \ sfx=".so"; \ cp cyggost.dll /usr/local/ssl/lib/engines/${pfx}gost$sfx.new; \ else \ case "-I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM" in \ *DSO_BEOS*) sfx=".so";; \ *DSO_DLFCN*) sfx=`expr ".so.1.0.0" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ *DSO_DL*) sfx=".sl";; \ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ cp ${pfx}gost$sfx /usr/local/ssl/lib/engines/${pfx}gost$sfx.new; \ fi; \ chmod 555 /usr/local/ssl/lib/engines/${pfx}gost$sfx.new; \ mv -f /usr/local/ssl/lib/engines/${pfx}gost$sfx.new /usr/local/ssl/lib/engines/${pfx}gost$sfx; \ fi make[2]: Leaving directory '/home/pi/openssl-1.0.2l/engines/ccgost' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/engines' making install in apps... make[1]: Entering directory '/home/pi/openssl-1.0.2l/apps' installing openssl installing CA.sh installing CA.pl installing tsget make[1]: Leaving directory '/home/pi/openssl-1.0.2l/apps' making install in test... make[1]: Entering directory '/home/pi/openssl-1.0.2l/test' make[1]: Nothing to be done for 'install'. make[1]: Leaving directory '/home/pi/openssl-1.0.2l/test' making install in tools... make[1]: Entering directory '/home/pi/openssl-1.0.2l/tools' make[1]: Leaving directory '/home/pi/openssl-1.0.2l/tools' installing libcrypto.a installing libssl.a cp libcrypto.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc cp libssl.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc cp openssl.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
--------------------------------------------------------------------------------------------------------------------------
1st Attempt - not working!!
Use the 2 commands below to upgrade the installed OpenSSL packages to the latest available distribution packagers.
pi@raspberrypi:~ $ sudo apt-get update
pi@raspberrypi:~ $ sudo apt-get dist-upgrade
Check the openssl version after dist-upgrade.
pi@raspberrypi:~ $ apt-cache policy openssl
pi@raspberrypi:~ $ apt-cache policy openssl
openssl:
Installed: 1.0.1t-1+deb8u6
Candidate: 1.0.1t-1+deb8u6
Version table:
*** 1.0.1t-1+deb8u6 0
500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages
100 /var/lib/dpkg/status
No comments:
Post a Comment