Best way to update openssl on device?


So sorry this probably a pretty dumb question but I’m writing an app using the library and it kinda of works but there some issues I feel like the version is causing some problems so I want to update it but I don’t quite understand? is there openssl files on the dev machine (using mangoh VM) I can compile then use the “update” command to install or should I download the source? How do libraries like curl and openssl actually sit since they aren’t apps?

Any explanation or place too look would be helpful thanks

I want to update from 1.0.2 to 1.1.0
root@fx30:/# openssl version
OpenSSL 1.0.2n 7 Dec 2017

root@mangoh-vm:~# openssl version
OpenSSL 1.1.0g 2 Nov 2017

Actually my issue had nothing to do with the version so thats ok I don’t need to do this and I guess in order to update these programs you have to compile them into legato with yocto?

Yeah, you can use Yocto to update the root file system of the device with a different version of the package. If you’re familiar with Yocto or want to put in the effort to learn Yocto, then you can do that.

Alternatively, if its just one app that you need to use a different version of the library with, then you can cross-build the library using the toolchain for your module and include that in your app’s /lib directory.

Yea thanks I thought I needed some stuff from the new version (I didn’t) but I also tried adding the 1.1.1 openssl/crypto .so files but it kept asking for 1.0.2 even when i removed them from all the cdefs etc even though they were bundled in the apps directory on the device. Doesn’t matter though I don’t need to do it anymore. But its good to know for future reference I didn’t fully understand what the yocto project did so I might do some reading there thanks.

Yeah, I have heard of other people having problems with openssl library versions, so I did a little digging. It seems that the openssl version numbering scheme deviates from the Unix standard. The second number is their major version number, so 1.0.x and 1.1.x are not binary compatible with each other. (It begs the question, “What’s the point of the first number?” Instead of doing things normally, they added a letter on the end to be their bugfix version identifier. I can’t tell you why. :thinking: )

To get around this, you pretty much have to re-link the client program. You can either link against a 1.1 version of the shared openssl libs and include those shared libs with the client program when installing, or you could statically link them into the client program.

After that, if you’re still running into the dynamic linker complaining about 1.0.2 not being there, there must be an indirect dependency, where you’re using some other library that was built to dynamically link with 1.0.2 of openssl.



1 Like