# Linux – updating openssl on Debian

debianlinuxopenssl

I compiled OpenSSL-1.0.1e on Debian Lenny (armv4 architecture) from the [source code][1]. I followed the instruction on http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html to compile the source code. make, make test, make install were successfully completed. However, OpenSSL shows that I still have the old version

OpenSSL> version
OpenSSL 0.9.8g 19 Oct 2007


How do I suppose to update the OpenSSL? Do I need to replace the old binary (in /usr/bin) with the newly compiled openssl binary?

EDIT: make test output:
ALL TESTS SUCCESSFUL.

make[1]: Leaving directory /home/openssl-1.0.1e/test'
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Jun 10 05:08:05 UTC 2013
platform: dist
options:  bn(32,32) rc4(ptr,int) des(idx,cisc,2,long) idea(int) blowfish(idx)
compiler: cc -O
OPENSSLDIR: "/usr/local/ssl"


make install output:

make[1]: Leaving directory /home/openssl-1.0.1e/engines'
making install in apps...
make[1]: Entering directory /home/openssl-1.0.1e/apps'
installing openssl
installing CA.sh
installing CA.pl
installing tsget
make[1]: Leaving directory /home/openssl-1.0.1e/apps'
making install in test...
make[1]: Entering directory /home/openssl-1.0.1e/test'
make[1]: Nothing to be done for install'.
make[1]: Leaving directory /home/openssl-1.0.1e/test'
making install in tools...
make[1]: Entering directory /home/openssl-1.0.1e/tools'
make[1]: Leaving directory /home/openssl-1.0.1e/tools'
installing libcrypto.a
installing libssl.a
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc


———————————————————————

EDIT2: I already did apt-get --purge remove openssl to remove the older version. executing openssl on terminal outputs -bash: /usr/bin/openssl: No such file or directory. If I execute /usr/local/ssl/bin/openssl then it runs the openssl with the correct version.

I am not sure what files to link to where? I am still a newbie who tries to learn Linux. The device that I am using does not support squeeze or Wheezy because of some issue on the device's processor, so I have to compile it manually. I believe it would solve the problem if you could answer these two questions:

1) would it work if I copy /usr/local/ssl/bin/openssl to /usr/bin/openssl? But, would it cause any problem or do I also need to move files on /usr/local/ssl/* to somewhere else?

or
2) I read on the documentation that:

 This will build and install OpenSSL in the default location, which is (for
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
run config like this:

\$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl


Could you tell me what directories (for –prefix and openssldir) do I need to define for Debian? Then I can compile the source again.I previously used:

./config --prefix=/usr         \
--openssldir=/etc/ssl \
shared                \
linux-armv4           \
zlib-dynamic


OpenSSL is often considered a core package as it is used by a number of others to provide security features, and I would recommend against hand-rolling core packages unless you have a particularly good understanding of the potential repercussions. If you do hand-roll it I would recommend installing over the provided package, instead installing it into /usr/local or even your user home and compiling what-ever you need that needs the updated library where to find it as pat of their build procedure - this was you do not disrupt other binary packages that depend upon openssl. If you hand-roll openssl you will need to rebuild it each time an update is released (and may need to rebuild other dependent packes each time too depending on the changes).