LibreSSL has been released this weekend, so here is some steps to build a first version usuable in parallel with the default OpenSSL library of the system (Gentoo in my case).
sha256sum libressl-2.0.1.tar.gz # Compare with http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/SHA256 ./configure CFLAGS="-O2 -march=native -fstack-protector-all -fPIE" LDFLAGS="-Wl,-z,now -Wl,-z,relro -pie" make -j 2
Install the binary and libraries in the /opt repertory, to leave the default OpenSSL usuable :
# mkdir /opt/libressl # cp ./ssl/.libs/libssl.so.27 /opt/libressl # cp ./crypto/.libs/libcrypto.so.30 /opt/libressl # cp apps/.libs/openssl /opt/libressl/libressl # chmod 555 /opt/libressl/*.so* # chmod 755 /opt/libressl/libressl
Then create a script to start it, for example /usr/local/bin/libressl :
#!/bin/bash export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/libressl /opt/libressl/libressl "$@"
$ libressl version LibreSSL 2.0
LibreSSL can now be used as a standalone tool to make some tests on its command line functions (generate keys, certificates, and so on), but the other programs will still use the OpenSSL library, until the port system makes changes to allow multiple versions of OpenSSL.