General Page
You are in: IBM i OpenSSH & OpenSSL - Navigation > OpenSSL 1.1.1 Instructions
1. Compatibility
The OpenSSL 1.0.2 libraries(libcrypto.a & libssl.a) continue to be provided. Applications linked to OpenSSL 1.0.2 continue to function, albeit without further security or bugfix updates.
Note: OpenSSL 1.0.2 will go out of service at the end of 2019. It is recommended that you recompile your application to link to OpenSSL 1.1.1 as soon as possible.
Refer to official release strategy.
2. Instructions on how to link to OpenSSL 1.1.1 libraries
OpenSSL 1.1.1 libraries are shipped as following libraries.
libcrypto.so.1.1
libssl.so.1.1
1) Create a symbolic link in your project's build directory:
mkdir lib
ln -s /QOpenSys/QIBM/ProdData/SC1/OpenSSL/lib/libcrypto.so.1.1 lib/libcrypto.a
ln -s /QOpenSys/QIBM/ProdData/SC1/OpenSSL/lib/libssl.so.1.1 lib/libssl.a
2) Recompile your application with the new library. The library path is symbolic links path.
ex: xlc_r sample.c -Llib -lcrypto -lssl -o sample
3) After rebuild, use dump -H to check whether new libraries are linked.
Partial output of a program linked with 1.0.2
***Import File Strings***
INDEX PATH BASE MEMBER
0 /usr/lib:/lib
1 libc.a shr.o
2 libcrypto.a libcrypto.so.1.0
3 libssl.a libssl.so.1.0
Partial output of a program linked with 1.1.1
***Import File Strings***
INDEX PATH BASE MEMBER
0 /usr/lib:/lib
1 libc.a shr.o
2 libcrypto.so.1.1 shr.o
3 libssl.so.1.1 shr.o
3. Known incompatibility when compiling with 1.1.1 libraries
Error Message:
(S) The declaration of "StoreCtx" uses the undefined class "x509_store_ctx_st" when the class must be complete.
Cause:
x509_store_ctxt_st and other structures were made opaque in OpenSSL 1.1.0. Fields cannot be accessed directly, but must be done through various access functions. See https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes for more information on these changes.
Was this topic helpful?
Document Information
Modified date:
05 February 2020
UID
ibm11136584