Skip to content

OpenSSL on ArchLinux

Jump to bottom Edit New page
Richard de Wit edited this page Nov 17, 2018 · 2 revisions

From @tuvistavie's comment on https://github.com/asdf-vm/asdf/issues/195, thought this was a good explanation so I figured I would repost it here:

tldr (if on ArchLinux)

asdf plugin-update erlang
wget -O /tmp/link-openssl.sh https://gist.githubusercontent.com/danhper/22554261f3e613703d76d882977290f1/raw/0f244ae93e980160492bd9fc9bc84797f16ac10a/archlinux-link-openssl1-0.sh
sudo bash /tmp/link-openssl.sh /usr/local/openssl-1.0
ERLANG_OPENSSL_PATH="/usr/local/openssl-1.0" asdf install erlang 19.3

Explanations

After trying a few things, here are the results:

  • The issue is definitely that Erlang/OTP does not build with OpenSSL 1.1
  • ArchLinux openssl 1.0 package directory structure does not play well with erlang --with-ssl flag. The directory structure should be something like DIR/lib/libssl.so for it to work with --with-ssl=DIR, but it is installed at /usr/lib/openssl-1.0/libssl.so

Let's assume that we want to have OpenSSL 1.0 in $HOME/.openssl-1.0 (if we want to make this /usr/local/openssl-1.0, or something not inside user home, some steps will require sudo)

  1. First, we need to have OpenSSL 1.0 installed with a a directory structure that Erlang build scripts will understand. We have two choices:

    1. Compile OpenSSL 1.0 from sources. This can be done with the following steps:
    git clone https://github.com/openssl/openssl.git --branch OpenSSL_1_0_2-stable
./config --prefix=$HOME/.openssl-1.0 shared -fPIC
make depend && make && make install
    1. Link the lib and include provided in Arch openssl-1.0 package. This can be done with the following steps:
    mkdir -p $HOME/.openssl-1.0
cd $HOME/.openssl.1-0
ln -sf /usr/lib/openssl-1.0 lib
ln -sf /usr/include/openssl-1.0 include

    I created a gist with the steps here: https://gist.github.com/tuvistavie/22554261f3e613703d76d882977290f1

    I would rather go with the second solution, as it avoids having to maintain an OpenSSL install for no good reason.

  2. Then we need to path --with-ssl to ./configure in Erlang so that it uses OpenSSL 1.0 and not 1.1. I updated asdf-erlang to support the ERLANG_OPENSSL_PATH environment variable to make this easier, as the --with-ssl option was currently overriden. Erlang can therefore be installed using:

    ERLANG_OPENSSL_PATH="$HOME/.openssl-1.0" asdf install erlang 19.3

Let me know how this works for you.

NOTE: do not forget to run asdf plugin-update erlang before installing anything.

Add a custom footer
Add a custom sidebar
Clone this wiki locally