How to force use OpenSSL from /usr/local

debian compiling openssl

6,286

Are you sure applications aren't already using it? If you check the output of ldconfig -v, which OpenSSL library is shown first in the output?

By default Debian-based systems (and I'm sure most other Linux systems that follow the FHS) search /usr/local/lib for libraries before searching /usr/lib. This means that any OpenSSL-using applications that you've started since installing your own custom version should be using it ahead of the version in /usr/lib.

You can confirm this by using ldd on a binary linked against OpenSSL. For example:

$ ldd /usr/sbin/nginx
...
        libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fd50f80b000)
...

Note the path of libssl - that's the version it'll use, even if multiple copies are on the system.

If your custom version of OpenSSL is in a directory below /usr/local/lib (eg, /usr/local/lib/ssl) and you see that it isn't being found by ld, you can add that directory to a new file in /etc/ld.so.conf.d and re-run ldconfig (be sure to use the -v option so that it displays the names of all the libraries in the defined search paths).

6,286

user681768917

Updated on September 18, 2022

Comments

user681768917 over 1 year

I have a single board computer with a 64bit ARM CPU and AES instruction set. The provided image of Debian 8 Jessie Mate Desktop uses OpenSSL 1.0.1k build that can't use that acceleration.

I've built OpenSSL 1.0.2n from source with that acceleration enabled and installed it to /usr/local.

This answer explains how to access it from command line which works fine but how do I force all programs and daemons using this /usr/local version?

The original OpenSSL package can't be uninstalled because of dependencies (= no symlinking). So what's the correct way of coexisting these two and using the one from /usr/local?

Note: I'm aware of my responsibility of keeping the /usr/local OpenSSL updated.