Have you tried to compile OpenSSL directly on your Raspberry Pi? Don’t! Save yourself a lot of time by compiling it on your desktop computer or laptop instead, then move it to your Pi!
1. Get the cross-compiler
First you need to get the cross-compiling tools on your computer. Those will allow you to compile for your Pi’s ARM architecture. The cross-compiling tools are part of the raspberrypi/tools repository on Github, which you’re going to have to clone to your computer. From whatever base folder you’ve chosen for this, type:
$ git clone https://github.com/raspberrypi/tools.git --depth=1 pitools
--depth=1 specifies you only want to copy the latest revision of the repository. You can leave it out if you prefer to clone the whole thing instead.
You will now find two important folders in the
arm-bcm2708 subfolder of your newly created
pitools repository. The first is called
gcc-linaro-arm-linux-gnueabihf-raspbian and contains the cross-compiling tools you must use on a 32-bit computer, the second is called
gcc-linaro-arm-linux-gnueabihf-raspbian-x64 and contains predictably the tools for 64-bit systems. Note that the Raspberry Pi itself has a 32-bit processor, so we aren’t talking about the Pi now, but your computer, which is either 32 or 64-bit.
The cross-compiling tools themselves are in the respective
bin subfolder. To put it all together, on a 64-bit system the path to the cross-compiling tools for your Raspberry Pi will be:
Export it as a variable for later:
$ export CROSSCOMP_DIR=/path/to/basefolder/pitools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin
Have a look at the files in the
bin folder. You’ll notice they all start with the
arm-linux-gnueabihf- prefix and include a C compiler (
gcc), a C++ compiler (
g++), a linker (
2. Get the OpenSSL source
Assuming you want to compile and install the latest OpenSSL version on your Pi, type:
$ git clone https://github.com/openssl/openssl.git
Again, choose a base folder for cloning the repository into. If you don’t want the latest OpenSSL version, go to openssl.org and download the
tar.gz file of the version you’re interested in, extract it and move the folder to the location of your choice.
3. Cross-compile the OpenSSL source
At this point you’re ready to cross-compile.
cd into the OpenSSL repository and export the following variable for convenience:
$ export INSTALL_DIR=/path/to/installation/folder
It should contain the path to the folder you want to install the cross-compiled OpenSSL to.
Now run the
Configure script with the following options:
linux-generic32: You’re compiling for a 32-bit Linux system, i.e. your Raspberry Pi
shared: To create static (
.so) OpenSSL libraries
--prefix=$INSTALL_DIR: The path to the folder your cross-compiled OpenSSL will be installed in, as seen above
--openssldir=$INSTALL_DIR/openssl: This folder will contain certain configuration files
--cross-compile-prefix=$CROSSCOMP_DIR/arm-linux-gnueabihf-: This is the path to the cross-compiling tools we’ve seen above, and kind of the point of the whole thing. Notice the dash at the end!
user@host:/path/to/folder/openssl $ ./Configure linux-generic32 shared \ --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl \ --cross-compile-prefix=$CROSSCOMP_DIR/arm-linux-gnueabihf-
After the configuration step is done, run the following commands:
make depend make make install
Your installation folder now contains the cross-compiled OpenSSL!
bin folder contains the
openssl executable and the
lib folder contains the OpenSSL libraries.
You can check the
openssl executable in
$INSTALL_DIR/bin to see that it really is a 32-bit Linux executable for the ARM platform :)
$ file $INSTALL_DIR/bin/openssl openssl: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=60d55b25b044bf1f378eba2e7890c928f8552609, not stripped
4. Transfer the cross-compiled OpenSSL to your Pi
Now transfer the installation folder to your Pi, for example via
scp, and check that the executable can effectively run, e.g. by
cd‘ing into the folder and typing:
user@host:/path/to/folder/openssl/bin $ ./openssl help
Once compiling your programs on the Pi with the new OpenSSL libraries, make sure they are also the ones actually being loaded at run-time!