IBM Support

OpenSSL 1.1.1 Instructions

General Page

You are in: IBM i OpenSSH & OpenSSL - Navigation >  OpenSSL 1.1.1 Instructions

1. Compatibility

The OpenSSL 1.0.2 libraries(libcrypto.a & libssl.a) continue to be provided. Applications linked to OpenSSL 1.0.2 continue to function, albeit without further security or bugfix updates.

Note: OpenSSL 1.0.2 will go out of service at the end of 2019.  It is recommended that you  recompile your application to link to OpenSSL 1.1.1 as soon as possible.

Refer to official release strategy.

2. Instructions on how to link to OpenSSL 1.1.1 libraries

OpenSSL 1.1.1 libraries are shipped as following libraries.

libcrypto.so.1.1
libssl.so.1.1

1) Create a symbolic link in your project's build directory:

mkdir lib
ln -s /QOpenSys/QIBM/ProdData/SC1/OpenSSL/lib/libcrypto.so.1.1 lib/libcrypto.a
ln -s /QOpenSys/QIBM/ProdData/SC1/OpenSSL/lib/libssl.so.1.1 lib/libssl.a

2) Recompile your application with the new library.  The library path is symbolic links path.

ex: xlc_r sample.c -Llib -lcrypto -lssl -o sample

3) After rebuild,  use dump -H to check whether new libraries are linked.

Partial output of a program linked with 1.0.2

                       ***Import File Strings***
INDEX  PATH                          BASE                MEMBER              
0      /usr/lib:/lib                                                        
1                                    libc.a              shr.o              
2                                    libcrypto.a         libcrypto.so.1.0    
3                                    libssl.a            libssl.so.1.0


Partial output of a program linked with 1.1.1

                       ***Import File Strings***
INDEX  PATH                          BASE                MEMBER              
0      /usr/lib:/lib                                                        
1                                    libc.a              shr.o              
2                                    libcrypto.so.1.1    shr.o               
3                                    libssl.so.1.1       shr.o  

3. Known incompatibility when compiling with 1.1.1 libraries

Error Message:
(S) The declaration of "StoreCtx" uses the undefined class "x509_store_ctx_st" when the class must be complete.

Cause:
x509_store_ctxt_st and other structures were made opaque in OpenSSL 1.1.0. Fields cannot be accessed directly, but must be done through various access functions. See https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes for more information on these changes.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
05 February 2020

UID

ibm11136584