1

I'm trying to do some configuration so that I can use SSL/HTTPS with the Faraday gem in my Ruby on Rails app. I'm following the directions on the Faraday official site, but I'm stuck on a step. I don't know how to change the value of OPENSSLDIR (see image below). I've looked all over for a command to do this. Any help would be appreciated! My OS is Ubuntu.

enter image description here

kales33
  • 670
  • 8
  • 23
  • 1
    read again. You should not actually change OPENSSLDIR but use the value you see there, add `certs/` and then use the resulting value as `:ca_path` in the next command. Apart from that your openssl is really rotten old and does not support modern cryptography (TLS 1.2, ECDHE..) which means that you will probably run into several problems when trying to use it. – Steffen Ullrich Jul 12 '16 at 20:07
  • OpenSSL 0.9.8 - Ouch. Can't they update that ancient, non-maintained version of the library??? – jww Jul 12 '16 at 20:14
  • Thanks @SteffenUllrich!! I feel like they could have phrased the documentation a little more clearly. As far as the openssl version, the image I posted is from the Faraday website. I'm using version 1.0.2 on my machine. Thank you for pointing this out though. Avoiding security threats is definitely important to me. – kales33 Jul 12 '16 at 20:59

1 Answers1

1

How to change OPENSSLDIR on Ubuntu?

There are two ways. One way works with all versions of OpenSSL, the second works with OpenSSL 1.0.2 and below.

All OpenSSL

./config ... --prefix=<your install location>

A straight ./config uses /usr/local/ssl as its location. Its the default location.

The difference emerges when you install. make install and make install_sw both install into the location you select. <your install location> is available in OPENSSLDIR, which is defined in <openssl/opensslconf.h>.

OpenSSL 1.0.2 and below

./config ... --openssldir=<your install location>

A straight ./config uses /usr/local/ssl as its location. Its the default location.

make install and make install_sw both install into the location you select. <your install location> is available in OPENSSLDIR, which is defined in <openssl/opensslconf.h>.

IF you use --openssldir with OpenSSL 1.1.0, then make install_sw does not honor your location.

jww
  • 97,681
  • 90
  • 411
  • 885
  • Thank you jww! As Steffen Ullrich pointed out to me, the Faraday documentation was misleading, and I don't actually have to change the value of OPENSSLDIR in order to get SSL to work with Faraday. However, your answer has a lot of good information that is very useful! Thank you! – kales33 Jul 12 '16 at 21:01
  • This answer confuses me. What is the "..." meant to be in the examples? What is ./config? I don't have one in my openSSL install. You mention make install, does this mean these steps are meant to take place when compiling OpenSSL? – Eliezer Miron Sep 22 '22 at 22:36