Table of Contents
Ideally, you need to use version 0.9.7 or later of OpenSSL. If this is installed on your system by default (and it is on most recent releases of UNIX like OSes) then everything should just work.
However, if it isn't, you have a few options.
The best option is to upgrade your installation to use 0.9.7. Hopefully your package manager will make this easy for you. This may require reinstallation of lots of software which depends on OpenSSL, so may not be ideal.
(But as there have been a few security flaws in OpenSSL recently, you probably want to upgrade it anyway.)
The second best option is to install another copy. If you download and install from source, it will probably install into /usr/local/ssl. You can then configure Box Backup to use it using:
./configure --with-ssl-headers=/usr/local/ssl/include --with-ssl-lib=/usr/local/ssl/lib
which will set up the various includes and libraries for you.
The configuration scripts may be a problem, depending on your installation. See below for more information.
If you have an old version installed, the configuration script will give you instructions on how to enable support for older versions. Read the warnings, and please, whatever you do, don't release binary packages or ports which enable this option.
You may have issues with the configuration scripts, see below.
If you get OpenSSL related errors with the configuration scripts, there are two things to check:
The bin directory within your OpenSSL directory is in the path (if you have installed another version)
You have an openssl.cnf file which works and can be found.
You need to have an openssl.cnf file. The default will generally work well (see example at end). Make sure the openssl utility can find it, either set the OPENSSL_CONF environment variable, or install it into the location that is mentioned in the error messages.
Example OpenSSL config file:
# # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # RANDFILE = /dev/arandom #################################################################### [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes [ req_distinguished_name ] countryName = Country Name (2 letter code) #countryName_default = AU countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) #stateOrProvinceName_default = Some-State localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) #0.organizationName_default = Internet Widgits Pty Ltd # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = CryptSoft Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = commonName = Common Name (eg, fully qualified host name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ x509v3_extensions ] nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem nsComment = "This is a comment" # under ASN.1, the 0 bit would be encoded as 80 nsCertType = 0x40