Test build for LibreSSL

LibreSSL was released this weekend, so here are some steps to build a first version usable in parallel with the system's default OpenSSL library (Gentoo in my case).

Compilation

Get the source from the OpenBSD FTP server, verify its checksum, and compile it using some of the hardened Gentoo compilation flags:

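sha256sum libressl-2.0.1.tar.gz # Compare with http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256
# Unpack the tarball and build from inside the source tree
tar xzf libressl-2.0.1.tar.gz
cd libressl-2.0.1
./configure CFLAGS="-O2 -march=native -fstack-protector-all -fPIE" LDFLAGS="-Wl,-z,now -Wl,-z,relro -pie"
make -j 2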
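
To automate the comparison in the checksum step above instead of reading the digests by eye, here is an added example (not part of the original post). It assumes the SHA256 file from the mirror has been saved locally and uses the BSD-style line format "SHA256 (name) = digest"; the function name verify_bsd_sha256 is made up for this example.

```bash
#!/bin/bash
# verify_bsd_sha256 CHECKSUM_LIST FILE   (hypothetical helper, added example)
#
# Looks FILE up in a BSD-style checksum list, whose lines are assumed to be
#   SHA256 (libressl-2.0.1.tar.gz) = <64 hex digits>
# and compares the listed digest with the one computed locally.
# Returns 0 on match, 1 on mismatch, 2 if FILE is not listed at all.
# Limitation: file names containing spaces are not handled.
verify_bsd_sha256() {
    local list=$1 file=$2 name expected actual
    name=$(basename -- "$file")

    # Match the name field exactly, so an entry for "x.tar.gz.sig"
    # can never be mistaken for the entry of "x.tar.gz".
    expected=$(awk -v n="$name" \
        '$1 == "SHA256" && $2 == "(" n ")" && $3 == "=" { print $4; exit }' \
        "$list")
    if [ -z "$expected" ]; then
        echo "no SHA256 entry for $name in $list" >&2
        return 2
    fi

    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi

    echo "MISMATCH: $name" >&2
    echo "  listed:   $expected" >&2
    echo "  computed: $actual" >&2
    return 1
}

# When run as a script: ./verify.sh SHA256 libressl-2.0.1.tar.gz
if [ "$#" -eq 2 ]; then
    verify_bsd_sha256 "$1" "$2"
fi
```

A checksum list fetched over plain HTTP from the same server as the tarball only detects corruption in transit or on disk; it does not authenticate the source.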

Install the binary and libraries under the /opt directory, so that the default OpenSSL remains usable:

# mkdir /opt/libressl
# cp ./ssl/.libs/libssl.so.27 /opt/libressl
# cp ./crypto/.libs/libcrypto.so.30 /opt/libressl
# cp apps/.libs/openssl /opt/libressl/libressl
# chmod 555 /opt/libressl/*.so*
# chmod 755 /opt/libressl/libressl

Then create a script to start it, for example /usr/local/bin/libressl:

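#!/bin/bash

# Append /opt/libressl to the library search path. The ${VAR:+...} form avoids
# a leading ":" when LD_LIBRARY_PATH is unset, since an empty entry makes the
# loader search the current directory.
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/opt/libressl"
exec /opt/libressl/libressl "$@"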

Then:

$ libressl version
LibreSSL 2.0

LibreSSL can now be used as a standalone tool to test its command-line functions (generating keys, certificates, and so on), but other programs will still use the OpenSSL library until the port system changes to allow multiple versions of OpenSSL.