openssl with zlib support. This shows how to install openssl with zlib support. For this, we need to first configure the compile and installation process to include the zlib. It’s worth noting that the need of using zlib didn’t came from compressing communication (as this may cause some trouble with the security of the communication, i.e CRIME), instead, we came to need zlib compression while working with Android backups and restores.
As mentioned, we came to need zlib compression not to compress TLS communication, instead, this was needed while working with Android backups and requiring to compress an application backup before restoring it into and Android Virtual Device. It’s important to note that we fired up an Ubuntu virtual machine to do the process described below.
First, we check which openssl we have and then try to run it using the zlib option, noticing that the library is not supported.
This is a newly installed, out of the box instance, of Ubuntu, which has the regular openssl installation. Since there is already openssl on it, we first uninstall the current version and then proceed to download the latest stable version of openssl from the official site: https://www.openssl.org/source/. By the time of writing, the latest stable version is the 1.1.0 series, we download the tar file along with the SHA256 hash for checksum:
Before moving forward to configure and install openssl with zlib, we need to install the zlib library with development support, this will provide the openssl compilation process, access zlib library’s code:
With the zlib library installed, let’s now extract the contents of the openssl tar we downloaded before and move into the created directory:
Now, we configure and tune the compile and installation process to include the zlib library, we do this with the next command:
You should receive a message stating that it has been configured for your specific architecture, like shown below:
Now that the configuration is ready, we proceed to build the code by issuing the make command:
It should finish after a while and now we are ready to install, we do this by issuing the make install command:
You should see an output similar to the shown below:
We can now check if openssl has zlib capabilities by inspecting the version information and grepping for DZLIB
At this point, If you try to run openssl with zlib and get a message complaining about a lib shared object not found, you still might need to add the lib path to /etc/ld.so.conf, as shown bellow, remember to run the ldconfig command after editing the file:
And now you have zlib capabilities on your openssl installation. In the image below you’ll only see a blinking cursor and no error message this time:
Conclusion
zlib is a free, portable and general purpose library that allows for data compression and decompression. Most of the openssl installations you come across, does not have support for zlib, this is mainly because data compression on TLS communication may lead to attacks like CRIME, thus, building openssl with zlib is better to be done when you need it for an specific data compression task or if you really know what you are doing.
Thanks, It was so useful!!!