OpenSSL supports RSA encryption, which most web browsers use in SSL sessions. Inside the United States, however, RSA.com holds a patent on the RSA encryption algorithms, and that makes it illegal to use OpenSSL with its standard RSA support. For legal use inside the United States, OpenSSL must be built to use the RSAREF encryption libraries, which are included with the OpenSSL.^[88] The simplest way to build OpenSSL is using the “RSAglue” method. Using this method, you’ll need to build support for OpenSSL into your application, such as stunnel, by including the header file RSAref.h in your application’s Makefile at build time. An example is given in the instructions for building stunnel a little bit later in this section.

OpenSSL installs under /usr/local/ssl by default (not in /usr/local as the documentation might indicate). If you don’t want it installed there, then read the INSTALL file provided with the distribution for instructions on how to change the install location.

Unpack the distribution:

%zcat openssl-0.9.5a.tar.gz | tar xvf -

In the top level of the unpacked distribution, run the config script:

%./config

Next, build OpenSSL:

%make
% make test
# make install

If you are inside the United States, there is one final step—you will need to copy the rsaref.h header file and libRSAglue.a ...