OpenSSL is a robust, open-source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, which are essential for secure communication over networks.
For developers working with secure connections, encryption, or digital certificates, installing and properly configuring OpenSSL libraries becomes a necessary skill.
Many developers encounter confusion when they try to build code that depends on OpenSSL. This often happens when they’ve installed the OpenSSL command-line tools but find themselves missing the development libraries needed for compilation.
Why OpenSSL Libraries Are Not Included in the Basic Package
When you install the basic OpenSSL package on Ubuntu using apt-get install openssl, you’re only getting the command-line tools and runtime libraries. This is intentional – package managers separate runtime components from development components to:
- Reduce disk space usage for users who only need the runtime
- Make system updates more efficient
- Maintain a cleaner dependency tree
Understanding Package Naming Conventions in Ubuntu
Ubuntu follows specific naming conventions for packages that are helpful to understand:
- Base packages (like openssl) contain the executables and runtime libraries
- Development packages are named with -dev suffix (like libssl-dev)
- Runtime library packages often start with lib (like libssl1.1)
Learning these naming patterns makes finding the right packages much easier.
Installing OpenSSL Development Libraries
Method 1: Using Package Manager (Recommended)
The simplest and most reliable way to install OpenSSL development libraries is through the package manager:
sudo apt-get install libssl-dev
This installs the header files and development libraries needed for compiling programs that use OpenSSL.
Read: How to install and uninstall applications on Ubuntu – A Beginner’s guide
Method 2: Finding the Right Package Manually
If you’re not sure which package you need, Ubuntu provides several ways to search for packages:
# Search for packages containing “ssl”
apt-cache search ssl | grep dev
# Check which package provides a specific header file
apt-file search openssl/bio.h
The second command requires the apt-file tool, which you can install with sudo apt-get install apt-file followed by sudo apt-file update.
Read: Fix Broken Packages in Ubuntu 24.04: Step-by-Step Guide to Package Repair & Removal
Method 3: Using Tab Completion
Ubuntu’s bash supports helpful tab completion that can show available packages:
sudo apt-get install libssl-[TAB][TAB]
This will display all packages starting with “libssl-“, making it easier to find the right one.
Installing from Source
While using package managers is preferred, sometimes you might need a specific version not available in the repositories. Here’s how to install OpenSSL from source:
Step 1: Install Prerequisites
sudo apt-get install build-essential checkinstall zlib1g-dev
Step 2: Download the Source Code
Visit the OpenSSL website to find the version you need, then download it:
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
Always verify the integrity of downloaded files:
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz.sha256
sha256sum openssl-1.1.1g.tar.gz
cat openssl-1.1.1g.tar.gz.sha256
Step 3: Extract and Configure
tar -xf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib
The shared option ensures that dynamic libraries are built, which is typically what you want for development.
Step 4: Compile and Install
make
sudo make install
Step 5: Configure the Dynamic Linker
Create a configuration file for the linker:
sudo bash -c ‘echo “/usr/local/ssl/lib” > /etc/ld.so.conf.d/openssl.conf’
sudo ldconfig
Step 6: Update PATH Environment Variable
Add the new OpenSSL binary directory to your PATH:
echo ‘export PATH=”/usr/local/ssl/bin:$PATH”‘ >> ~/.bashrc
source ~/.bashrc
Read: How is the path environment variable managed in Linux/Ubuntu/Debian?
Step 7: Verify the Installation
Check that the correct version is now available:
openssl version
Configuring Your Project to Use OpenSSL
Including Headers in C/C++ Code
Include the necessary headers in your source files:
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/des.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
Compilation and Linking
When compiling programs that use OpenSSL:
g++ -o myprogram myprogram.cpp -lssl -lcrypto
If you’ve installed OpenSSL in a custom location, you’ll need to specify the include and library paths:
g++ -o myprogram myprogram.cpp -I/usr/local/ssl/include -L/usr/local/ssl/lib -lssl -lcrypto
Using pkg-config
For more complex projects, pkg-config provides a cleaner way to get compiler flags:
g++ -o myprogram myprogram.cpp $(pkg-config –cflags –libs openssl)
Common Issues and Troubleshooting
Missing Headers
If you see errors like openssl/bio.h: No such file or directory, you need to install the development package (libssl-dev).
Linker Errors
If you get errors like undefined reference to ‘BIO_new’, ensure you’re linking with the correct libraries using -lssl -lcrypto.
Version Mismatch
If your code requires a specific OpenSSL version that differs from what’s provided by your distribution, consider installing from source or using container technologies to isolate your development environment.
Multiple OpenSSL Installations
If you have multiple OpenSSL installations, use the following to ensure you’re using the correct one:
which openssl
openssl version
echo $LD_LIBRARY_PATH
Understanding the Difference Between Runtime and Development Packages
The distinction between runtime and development packages can be confusing. Here’s a clear breakdown:
- Runtime package (openssl): Contains the binary executables and shared libraries needed to run programs that use OpenSSL
- Development package (libssl-dev): Contains header files, static libraries, and documentation needed to compile programs that use OpenSSL
- Library package (libssl1.1): Contains the shared libraries that provide the actual OpenSSL implementation
Different Requirements for Different Distributions
Package naming conventions can vary between Linux distributions:
- Ubuntu/Debian: Uses libssl-dev
- CentOS/RHEL/Fedora: Uses openssl-devel
- Arch Linux: Uses openssl
This is important to know if you’re working across different environments or writing documentation for multiple platforms.
Maintaining OpenSSL Security
Security vulnerabilities in cryptographic libraries like OpenSSL can have serious implications. Always:
- Keep your OpenSSL installation updated with the latest security patches
- Subscribe to security announcements from your distribution
- Regularly check for OpenSSL updates, especially after major vulnerability disclosures
FAQ
Why are development files separate from runtime files?
Development files (headers, static libraries) are separated to reduce disk usage and simplify dependency management for end-users who don’t need to compile software.
How do I check which version of OpenSSL I have installed?
Use the command openssl version to check the version of the OpenSSL command-line tool.
Can I have multiple versions of OpenSSL installed simultaneously?
Yes, but it requires careful configuration of include paths, library paths, and environment variables to ensure each application uses the intended version.
What’s the difference between -lssl and -lcrypto when linking?
-lssl links against the SSL/TLS implementation, while -lcrypto links against the cryptographic functions. Most applications using OpenSSL need both.
How do I upgrade OpenSSL without breaking existing applications?
When upgrading OpenSSL, test your applications thoroughly before deploying to production. Consider using compatibility layers or containerization if breaking changes occur.
What’s the relationship between OpenSSL and LibreSSL?
LibreSSL is a fork of OpenSSL created by the OpenBSD team with a focus on simplicity and security. It maintains API compatibility but has different development goals.
How do I verify that my OpenSSL installation is secure?
Use tools like openssl s_client and online security scanners to test your SSL/TLS configuration. Stay informed about security advisories and apply patches promptly.
If you like the content, we would appreciate your support by buying us a coffee. Thank you so much for your visit and support.
