Branch
-
Show log
Commit
-
Hash : 86e4965d
Author :
Date : 2026-04-01T19:26:44
Replace expiring certs with more modern versions Ref: #1018
-
Files
- .github/
- .gitignore
- CMakeLists.txt
- COPYING
- ChangeLog
- FindLibreSSL.cmake
- LibreSSLConfig.cmake.in
- Makefile.am
- Makefile.am.common
- OPENBSD_BRANCH
- README.md
- README.mingw.md
- apps/
- appveyor.yml
- autogen.sh
- check-release.sh
- cmake_export_symbol.cmake
- cmake_uninstall.cmake.in
- config
- configure.ac
- crypto/
- dist.sh
- gen-coverage-report.sh
- gen-openbsd-tags.sh
- include/
- libcrypto.pc.in
- libressl.pub
- libssl.pc.in
- libtls.pc.in
- m4/
- man/
- openssl.pc.in
- patches/
- scripts/
- ssl/
- tests/
- tls/
- update.sh
-
Properties
-
Git HTTP https://git.kmx.io/kc3-lang/libressl.git Git SSH git@git.kmx.io:kc3-lang/libressl.git Public access ? public Description LibreSSL Portable
Users
Tags - v4.2.0
- v4.1.1
- v4.1.0
- v4.0.1
- v4.0.0
- v3.9.2
- v3.9.1
- v3.9.0
- v3.8.4
- v3.8.3
- v3.8.2
- v3.8.1
- v3.8.0
- v3.7.3
- v3.7.2
- v3.7.1
- v3.7.0
- v3.6.3
- v3.6.2
- v3.6.1
- v3.6.0
- v3.5.4
- v3.5.3
- v3.5.2
- v3.5.1
- v3.5.0
- v3.4.3
- v3.4.2
- v3.4.1
- v3.4.0
- v3.3.6
- v3.3.5
- v3.3.4
- v3.3.3
- v3.3.2
- v3.3.1
- v3.3.0
- v3.2.7
- v3.2.6
- v3.2.5
- v3.2.4
- v3.2.3
- v3.2.2
- v3.2.1
- v3.2.0
- v3.1.5
- v3.1.3
- v3.1.2
- v3.1.1
- v3.1.0
- v3.0.2
- v3.0.1
- v3.0.0
- v2.9.2
- v2.9.1
- v2.9.0
- v2.8.3
- v2.8.2
- v2.8.1
- v2.8.0
- v2.7.5
- v2.7.4
- v2.7.3
- v2.7.2
- v2.7.1
- v2.7.0
- v2.6.5
- v2.6.4
- v2.6.3
- v2.6.2
- v2.6.1
- v2.6.0
- v2.5.5
- v2.5.4
- v2.5.3
- v2.5.2
- v2.5.1
- v2.5.0
- v2.4.5
- v2.4.4
- v2.4.3
- v2.4.2
- v2.4.1
- v2.4.0
- v2.3.9
- v2.3.8
- v2.3.7
- v2.3.6
- v2.3.5
- v2.3.4
- v2.3.3
- v2.3.2
- v2.3.10
- v2.3.1
- v2.3.0
- v2.2.9
- v2.2.8
- v2.2.7
- v2.2.6
- v2.2.5
- v2.2.4
- v2.2.3
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.9
- v2.1.8
- v2.1.7
- v2.1.6
- v2.1.5
- v2.1.4
- v2.1.3
- v2.1.2
- v2.0.6
-
README.md
-
Official portable version of LibreSSL
LibreSSL is a fork of OpenSSL 1.0.1g developed by the OpenBSD project. Our goal is to modernize the codebase, improve security, and apply best practice development processes from OpenBSD.
Compatibility with OpenSSL
LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently supported. Incompatibilities between the projects exist and are unavoidable since both evolve with different goals and priorities. Important incompatibilities will be addressed if possible and as long as they are not too detrimental to LibreSSL’s goals of simplicity, security and sanity. We do not add new features, ciphers and API without a solid reason and require that new code be clean and of high quality.
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily earlier releases of LibreSSL. You will need to relink your programs to LibreSSL in order to use it, just as in moving between major versions of OpenSSL. LibreSSL’s installed library version numbers are incremented to account for ABI and API changes.
Compatibility with other operating systems
While primarily developed on and taking advantage of APIs available on OpenBSD, the LibreSSL portable project attempts to provide working alternatives for other operating systems, and assists with improving OS-native implementations where possible.
At the time of this writing, LibreSSL is known to build and work on:
- Linux (kernel 3.17 or later recommended)
- FreeBSD (tested with 9.2 and later)
- NetBSD (7.0 or later recommended)
- HP-UX (11i)
- Solaris 11 and later
- Mac OS X (tested with 10.8 and later)
- AIX (5.3 and later)
- Emscripten (3.1.44 and later)
LibreSSL also supports the following Windows environments:
- Microsoft Windows (Windows 7 / Windows Server 2008r2 or later, x86 and x64)
- Wine (32-bit and 64-bit)
- MinGW-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood OpenBSD mirror in directory LibreSSL, although we suggest that you use a mirror.
The LibreSSL portable build framework is also mirrored on GitHub.
Please report bugs either to the public libressl@openbsd.org mailing list, or to the GitHub issue tracker
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be sent to the core team at libressl-security@openbsd.org.
Building LibreSSL
Building from a Git checkout
If you have checked out this source using Git, or have downloaded a source tarball from GitHub, follow these initial steps to prepare the source tree for building. Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions or cannot meet these prerequisites, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer.
- Ensure that you have a bash shell. This is also required on Windows.
- Ensure that you have the following packages installed: automake, autoconf, git, libtool, perl.
-
Run
./autogen.shto prepare the source tree for building.
Build steps using configure
Once you have the source tree prepared, run these commands to build and install:
./configure # see ./configure --help for configuration options make check # runs builtin unit tests make install # set DESTDIR= to install to an alternate locationAlternatively, it is possible to run
./dist.shto prepare a tarball.Build steps using CMake
Once you have the source tree prepared, run these commands to build and install:
mkdir build cd build cmake .. make make testFor faster builds, you can use Ninja:
mkdir build-ninja cd build-ninja cmake -G"Ninja" .. ninja ninja testOr another supported build system like Visual Studio:
mkdir build-vs2022 cd build-vs2022 cmake -G"Visual Studio 17 2022" ..Additional CMake Options
Option Name Default Description LIBRESSL_SKIP_INSTALLOFFallows skipping install() rules. Can be specified from command line using <br> -DLIBRESSL_SKIP_INSTALL=ONLIBRESSL_APPSONallows skipping application builds. Apps are required to run tests LIBRESSL_TESTSONallows skipping of tests. Tests are only available in static builds BUILD_SHARED_LIBSOFFCMake option for building shared libraries. ENABLE_ASMONbuilds assembly optimized rules. ENABLE_EXTRATESTSOFFEnable extra tests that may be unreliable on some platforms ENABLE_NCOFFEnable installing TLS-enabled nc(1) OPENSSLDIRBlank Set the default openssl directory. Can be specified from command line using <br> -DOPENSSLDIR=<dirname>Build information for specific systems
HP-UX (11i)
Set the UNIX_STD environment variable to
2003before runningconfigurein order to build with the HP C/aC++ compiler. See the “standards(5)” man page for more details.export UNIX_STD=2003 ./configure makeMinGW-w64 - Windows
LibreSSL builds against relatively recent versions of MinGW-w64, not to be confused with the original mingw.org project. MinGW-w64 3.2 or later should work. See README.mingw.md for more information.
Emscripten
When configuring LibreSSL for use with Emscripten, make sure to prepend
emcmaketo yourcmakeconfiguration command. Once configured, you can proceed with your usualcmakecommands. For example:emcmake cmake . -Bbuild cmake --build build --config Release ctest --test-dir build -C Release --output-on-failureUsing LibreSSL
CMake
Make a new folder in your project root (where your main
CMakeLists.txtfile is located) called CMake. Copy theFindLibreSSL.cmakefile to that folder, and add the following line to your mainCMakeLists.txt:set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")After your
add_executableoradd_libraryline in yourCMakeLists.txtfile add the following:find_package(LibreSSL REQUIRED)It will tell CMake to find LibreSSL and if found will let you use the following 3 interfaces in your
CMakeLists.txtfile:- LibreSSL::Crypto
- LibreSSL::SSL
- LibreSSL::TLS
If you for example want to use the LibreSSL TLS library in your test program, include it like so (SSL and Crypto are required by TLS and included automatically too):
target_link_libraries(test LibreSSL::TLS)Full example:
cmake_minimum_required(VERSION 3.10.0) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") project(test) add_executable(test Main.cpp) find_package(LibreSSL REQUIRED) target_link_libraries(test LibreSSL::TLS)Linux
Following the guide in the sections above to compile LibreSSL using make and running
sudo make installwill install LibreSSL to the/usr/local/folder, and will be found automatically by find_package. If your system installs it to another location, or you have placed them yourself in a different location, you can set the CMake variableLIBRESSL_ROOT_DIRto the correct path, to help CMake find the library.Windows
Placing the library files in
C:/Program Files/LibreSSL/liband the include files inC:/Program Files/LibreSSL/includeshould let CMake find them automatically, but it is recommended that you use CMake-GUI to set the paths. It is more convenient as you can have the files in any folder you choose.