Linux – updating openssl on Debian


I compiled OpenSSL-1.0.1e on Debian Lenny (armv4 architecture) from the [source code][1]. I followed the instruction on to compile the source code. make, make test, make install were successfully completed. However, OpenSSL shows that I still have the old version

OpenSSL> version
OpenSSL 0.9.8g 19 Oct 2007

How do I suppose to update the OpenSSL? Do I need to replace the old binary (in /usr/bin) with the newly compiled openssl binary?

EDIT: make test output:

make[1]: Leaving directory `/home/openssl-1.0.1e/test'
OPENSSL_CONF=apps/openssl.cnf util/ version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Jun 10 05:08:05 UTC 2013
platform: dist
options:  bn(32,32) rc4(ptr,int) des(idx,cisc,2,long) idea(int) blowfish(idx) 
compiler: cc -O
OPENSSLDIR: "/usr/local/ssl"

make install output:

make[1]: Leaving directory `/home/openssl-1.0.1e/engines'
making install in apps...
make[1]: Entering directory `/home/openssl-1.0.1e/apps'
installing openssl
installing tsget
make[1]: Leaving directory `/home/openssl-1.0.1e/apps'
making install in test...
make[1]: Entering directory `/home/openssl-1.0.1e/test'
make[1]: Nothing to be done for `install'.
make[1]: Leaving directory `/home/openssl-1.0.1e/test'
making install in tools...
make[1]: Entering directory `/home/openssl-1.0.1e/tools'
make[1]: Leaving directory `/home/openssl-1.0.1e/tools'
installing libcrypto.a
installing libssl.a
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc


EDIT2: I already did apt-get --purge remove openssl to remove the older version. executing openssl on terminal outputs -bash: /usr/bin/openssl: No such file or directory. If I execute /usr/local/ssl/bin/openssl then it runs the openssl with the correct version.

I am not sure what files to link to where? I am still a newbie who tries to learn Linux. The device that I am using does not support squeeze or Wheezy because of some issue on the device's processor, so I have to compile it manually. I believe it would solve the problem if you could answer these two questions:

1) would it work if I copy /usr/local/ssl/bin/openssl to /usr/bin/openssl? But, would it cause any problem or do I also need to move files on `/usr/local/ssl/* to somewhere else?

2) I read on the documentation that:

 This will build and install OpenSSL in the default location, which is (for
 historical reasons) /usr/local/ssl. If you want to install it anywhere else,
 run config like this:

  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

Could you tell me what directories (for –prefix and openssldir) do I need to define for Debian? Then I can compile the source again.I previously used:

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         shared                \
         linux-armv4           \

Best Answer

OpenSSL is often considered a core package as it is used by a number of others to provide security features, and I would recommend against hand-rolling core packages unless you have a particularly good understanding of the potential repercussions. If you do hand-roll it I would recommend installing over the provided package, instead installing it into /usr/local or even your user home and compiling what-ever you need that needs the updated library where to find it as pat of their build procedure - this was you do not disrupt other binary packages that depend upon openssl. If you hand-roll openssl you will need to rebuild it each time an update is released (and may need to rebuild other dependent packes each time too depending on the changes).

Would it be possible to instead update your Debian installation to the latest Stable instead? That includes v1.0.1e by default (see and means you get future updates with no extra effort.

Related Question