ERROR: Slooooow dooooown... this page load was delayed.
openssl-3.0 - The Open Source toolkit for SSL/TLS, version 3.0.x
ChangeLog
HOWTO
# OpenSSL 3.0.18 (2025-02-11, current LTS version)
# ==============
# See the main OpenSSL HOWTO for information that applies to all releases
# OpenSSL 3.0.x is a LTS (long term support) release and it is supported
# until 2026-09-07
# All 3.x.x releases are API/ABI compatible
# openssl-announce: Openssl Release Announcement for 3.4.1, 3.3.3, 3.2.4, 3.1.8, 3.0.16
# GitHub Release: OpenSSL 3.0.16
# OpenSSL 3.0 Series Release Notes
# GitHub: OpenSSL 3.0 NEWS.md
# GitHub: OpenSSL 3.0 CHANGES.md
# OpenSSL 3.0 Documentation
# - man1 man pages (commands)
# - man3 man pages (libraries)
# - man5 man pages (file formats)
# - man7 man pages (overviews)
# + OpenSSL migration guide (from older to 3.0)
# Prerequisites:
# Perl
# bc (for certain 'make test' tests)
# If you need more info about the default path changes of 1.0.x to 1.1.x,
# see the OpenSSL 1.1 HOWTO
# Get the tarball
cd
test -f installed/openssl-3.0.16.tar.gz &&
mv installed/openssl-3.0.16.tar.gz .
test ! -f openssl-3.0.16.tar.gz &&
wget https://github.com/openssl/openssl/releases/download/openssl-3.0.16/\
openssl-3.0.16.tar.gz
# Confirm that the size of the file matches
test "15334967" = $(stat -c %s openssl-3.0.16.tar.gz) &&
echo "Yey!" || echo Boo
# Verify tarball w/ sha256sum:
echo "57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef\
86 openssl-3.0.16.tar.gz" | sha256sum -c
# Verify tarball w/ cksum:
echo "57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef\
86 openssl-3.0.16.tar.gz" | cksum -a sha256 -c
# Verify tarball w/ another OpenSSL:
echo "57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86" &&
openssl sha256 openssl-3.0.16.tar.gz | cut -d' ' -f2
# Verify tarball w/ gpg:
( gpg --list-keys BA5473A2B0587B07FB27CF2D216094DFD0CB81EF > /dev/null 2>&1 ||
gpg --recv-keys BA5473A2B0587B07FB27CF2D216094DFD0CB81EF ) &&
wget -nc https://github.com/openssl/openssl/releases/download/\
openssl-3.0.16/openssl-3.0.16.tar.gz.asc &&
gpg --verify openssl-3.0.16.tar.gz.asc && rm openssl-3.0.16.tar.gz.asc
# Extract it
mkdir -p -m 0700 ~/src
cd ~/src
find -maxdepth 1 -type d -name "openssl-*" -exec rm -r {} \;
tar xzvf ~/openssl-3.0.16.tar.gz
cd openssl-3.0.16
test $UID = 0 && chown -R root:root .
## Configure and then build it
## If you have pandoc installed, you can run something like this to convert
## the .md files to another format
# pandoc -o README.txt README.md
# pandoc -s -o README.html README.md
# pandoc -o README.pdf README.md
# Read these:
# less ./README.md
# less ./INSTALL.md
# OpenSSL Wiki - Compilation and Installation
#
# Be aware, OpenSSL does _not_ use autoconf, automake, libtool, etc.
# If upgrading, read:
# less ./CHANGES.md for full details and NEWS.md for a brief summary
# If you run configure with --libdir=lib64, anywhere lib is shown will become
# lib64.
#
# If you want to go with the default, don't specify --prefix or
# --openssldir, or do specify them and use
# --prefix=/usr/local and --openssldir=/usr/local/ssl
#
# If you want to install it where Slackware does, use --prefix=/usr
# --openssldir=/etc/ssl
#
# OpenSSL is used by so many things that I purposely use /usr/local
# to minimize the chance of breaking lots of things when upgrading it
# from a Slackware packaged release to a source release (or self-created
# package). I've been doing it this way for a long, long time, it's
# easier to just keep doing it...
# If you do _not_ want shared libraries, use 'no-shared'
# If you are upgrading from 1.1.1 to 3.0.16, shared library files go from
# libcrypto.so.1.1 and libssl.so.1.1 to lib*.so.3 There are symlinks such
# as libcrypto.so.1 and libssl.so.1, but anything linked to the real
# filenames like libssl.so.1.1 will be broken if you remove those old files.
# Safer to not remove the old ones.
#
# If you install OpenSSL 3.0.x and then go to build something using it,
# and see warnings like these:
# warning: libssl.so.1.1, needed by /usr/lib64/libldap-x.x.so.x,
# may conflict with libssl.so.3
# That specific one tells you that you need to rebuild and install OpenLDAP
# Configure it for 64-bit systems
test $(uname -m) = "x86_64" && ./config --libdir=lib64 enable-fips
# Configure it for anything else
test $(uname -m) != "x86_64" && ./config enable-fips
# Do this if you want to change the man page location from $prefix/share/man
# to $prefix/man (/usr/local/man) and the doc location from $prefix/share/doc
# to $prefix/doc (/usr/local/doc). If you have /usr/local/share/{doc,man}
# -> /usr/local/{doc,man} symlinks, not necessary. You can also pass
# DOCDIR and MANDIR to 'make install'
#
# I use the wildcard matching only so it will fit on an 80 character line.
# Verify the changes by running:
# diff -u Makefile.old Makefile
sed -i.old Makefile \
-e 's%^MANDIR=\(.*\)/share/man$%MANDIR=\1/man%' \
-e 's%^DOCDIR=\(.*\)/share/doc/\(.*\)$%DOCDIR=\1/doc/\2%'
# Build it
make
# Test the build
# [ launching a mock server as a non-root user, ports that are already in
# use, etc. may cause issues with certain tests... ]
make test
# Now become root to install it
su
## Remove the Slackware package, if there is one
# If you are installing OpenSSL from source using the default prefix,
# and you have a bunch of things running using a /usr prefix OpenSSL such
# as the Slackware package, the safer bet while still being able to use
# the new one would probably be to only remove the openssl package, leaving
# the openssl-solibs package installed. If you know for sure that nothing
# is using the shared libraries from openssl-solibs, then remove that
# as well. Once you recompile everything, it will use the newer
# version of OpenSSL libraries, assuming it supports that version.
test -x /sbin/removepkg && /sbin/removepkg openssl
# Remove old doc files before installing new ones
test -d /usr/local/doc/openssl && rm -r /usr/local/doc/openssl
test -d /usr/local/share/doc/openssl && rm -r /usr/local/share/doc/openssl
test -d /usr/local/ssl/share/doc && rm -r /usr/local/ssl/share/doc
test -d /usr/local/ssl/doc && find /usr/local/ssl/doc -type f -exec rm {} \;
find /usr/local/doc -maxdepth 1 -type d -name "openssl-*" -exec rm -r {} \;
find /usr/doc -maxdepth 1 -type d -name "openssl-*" -exec rm -r {} \;
# If you have an old distribution-installed OpenSSL with a /etc/ssl
# configuration directory, back that up and remove it... but
# SKIP THIS IF you have symlinked /usr/local/ssl/certs to /etc/ssl/certs
# to use the certs in Slackware's ca-certificates or something else
# from the openssl-solibs package.
# (or back up and remove everything other than certs in there)
test ! -f /var/adm/packages/ca-certificates* &&
test -d /etc/ssl &&
( mkdir -p -m 0700 ~/backup/etc-ssl-$(date +%Y%m%d)
cp -a /etc/ssl/* ~/backup/etc-ssl-$(date +&Y%m%d)/
rm -r /etc/ssl )
# If /usr/local/ssl/certs is a symlink, remove it temporarily
# ('make install' failed in previous releases)
test -L /usr/local/ssl/certs && rm /usr/local/ssl/certs
# Install the new version
# If you altered the Makefile above, 'make install' is fine
# If not, add this after 'make install'
# DOCDIR=/usr/local/doc/openssl MANDIR=/usr/local/man
make install
# If you used --prefix=/usr this time, you do not need to update
# /etc/ld.so.conf for the library files to be located
# If you used the default OpenSSL prefix (/usr/local), which would put
# library files in /usr/local/lib*/, make sure that /usr/local/lib* is set
# in /etc/ld.so.conf
FOO=lib
test $(uname -m) = "x86_64" && FOO=lib64
test -d /usr/local/${FOO} &&
( egrep -q "^/usr/local/${FOO}$" /etc/ld.so.conf ||
echo "/usr/local/${FOO}" >> /etc/ld.so.conf )
unset FOO
# If you used /usr/local/ssl for everything this time, make sure that
# /usr/local/ssl/lib* (lib or lib64) is set in /etc/ld.so.conf
FOO=lib
test $(uname -m) = "x86_64" && FOO=lib64
test -d /usr/local/ssl/${FOO} &&
( egrep -q "^/usr/local/ssl/${FOO}$" /etc/ld.so.conf ||
echo "/usr/local/ssl/${FOO}" >> /etc/ld.so.conf )
unset FOO
# Make sure all of the OpenSSL 3.x symbolic links are there
FOO=lib
test $(uname -m) = "x86_64" && FOO=lib64
for pfx in /usr/local/ssl /usr/local; do
test -d ${pfx}/${FOO} &&
( cd ${pfx}/${FOO}
test ! -L libcrypto.so -a -f libcrypto.so.3 &&
ln -sf libcrypto.so.3 libcrypto.so
test ! -L libssl.so -a -f libssl.so.3 &&
ln -sf libssl.so.3 libssl.so )
done
unset FOO
# Update /etc/ld.so.cache
ldconfig
# If you upgraded from OpenSSL 1.1.x to 3.0.16, you may find old version
# libssl.so.*.* shared library files in prefix/lib*/. Best to just leave
# them there. If you must remove them, at least check what is running now
# and is using it by using 'lsof' as root.
# lsof /usr/lib*/libcrypto.so* /usr/local/lib*/libcrypto.so*
# lsof /usr/lib*/libssl.so* /usr/local/lib*/libssl.so*
# Make sure your non-root user can remove the source later
chown -R $(logname) .
chmod -R u+w .
# Of course you can view all of the OpenSSL man pages with 'man', but you
# can also view them as HTML under /usr/local/doc/openssl/html/, and
# online at https://docs.openssl.org/3.0/
# To list the local HTML ones:
lynx /usr/local/doc/openssl/html/
# Become your non-root user again
exit
# Save the source for later
cd
mkdir -p -m 0700 installed
rm -f installed/openssl-*.tar.*
mv openssl-3.0.16.tar.gz installed/
# Go back to the main OpenSSL HOWTO for "Post-install setup"
List of HOWTOs
Web page itself last updated: 2023-12-20 8:06pm (EDT -0400)
HOWTO last updated: 2025-03-18 3:59pm
Copyright © 2001-2025 Jason Englander. All Rights reserved.
HOWTO last updated: 2025-03-18 3:59pm
Copyright © 2001-2025 Jason Englander. All Rights reserved.
![[HTML5]](HTML5_Logo_64-black.png){kind=logo}
