Securing-Optimizing-RH-Linux-1_2_282
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
282
[root@deep tmp]# tar xzpf openssl_version.tar.gz
Compile and Optimize
Move into the new Openssl directory and type the following commands on your terminal:
Step 1
Edit the c_rehash file (vi +11 tools/c_rehash) and change the line:
DIR=/usr/local/ssl
To read:
DIR=/usr
The changed line above will build and install OpenSSL in the default location /usr.
Step 2
By default OpenSSL source files suppose that your Perl program directory is located under the
/usr/local/bin/perl directory. We must modify the #!/usr/local/bin/perl line in all scripts that rely
on perl to reflect our Perl directory under Red Hat Linux to be /usr/bin.
[root@deep openssl-0.9.5]# perl util/perlpath.pl /usr/bin (where your perl program reside).
Step 3
OpenSSL must to know where to find the necessary source libraries of OpenSSL to compile
successfully its require files. With the command bellow, we set the PATH ENVIRONMENT
VARIABLE to the default directory where we are uncompressed the OpenSSL source files.
[root@deep openssl-0.9.5]# export LD_LIBRARY_PATH=`pwd`
Step 4
Now, we must configure OpenSSL for our system:
CC="egcs" \
./Configure linux-elf -DSSL_FORBID_ENULL \
--prefix=/usr \
--openssldir=/etc/ssl
NOTE: The -DSSL_FORBID_ENULL option is require for not allowing null encryption for security
reasons.
Step 5
Edit the Makefile.ssl file (vi +52 Makefile.ssl) and change the following line:
CC= gcc
To read:
CC= egcs
Edit the Makefile.ssl file (vi +54 Makefile.ssl) and add/change the following line:
CFLAG= -DTHREADS -D_REENTRANT -DSSL_FORBID_ENULL -DL_ENDIAN -DTERMIO -O9 -funroll-
loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-
exceptions -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM