openssl, centos, heartbleed-bug

View openssl arguments


Due to the Heartbleed OpenSSL vulnerability, I need to compile OpenSSL from source. However, I would like to know the arguments that were passed at the ./config phase so that I can use the same ones for the latest OpenSSL.

What command should I use to get this detail?

Do I need to regenerate my SSL cert for my site?


Solution

  • I would like to know the argument that was passed at ./config

    As vcsjones stated (he should have answered), use openssl version -a for some (perhaps most?) of them:

    $ /usr/local/ssl/darwin/bin/openssl version -a
    OpenSSL 1.0.1g 7 Apr 2014
    built on: Mon Apr 14 11:54:49 EDT 2014
    platform: darwin64-x86_64-cc
    options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx) 
    compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
    -DHAVE_DLFCN_H -Wa,--noexecstack -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 
    -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
    -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/usr/local/ssl/darwin"
    

    Some options/arguments you will need to know how they got there. For example, for -fPIC and -DOPENSSL_PIC, I added export CFLAGS="-fPIC" before I compiled.

    Others are simply missing. For example, I config'd with no-ssl2. That's found in <openssl/opensslconf.h>:

    $ cat /usr/local/ssl/darwin/include/openssl/opensslconf.h | grep SSL2
    #ifndef OPENSSL_NO_SSL2
    # define OPENSSL_NO_SSL2
    # if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
    #  define NO_SSL2
    # endif
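
The two sources the answer above uses (the platform line of openssl version -a and the OPENSSL_NO_* macros in opensslconf.h) can be turned into candidate ./config arguments mechanically. This is an added example, not part of the answer or of OpenSSL; the function names and the sample header are constructed for illustration. The list it prints also contains features that Configure disables by default, so treat it as the set of features compiled out, not proof of what was typed on the command line.

```shell
#!/bin/sh
# Added example: recover candidate ./config arguments from an installed build.

# Read an opensslconf.h on stdin and print one "no-<feature>" per
# "# define OPENSSL_NO_<FEATURE>" line. Lines such as
# "# if defined(OPENSSL_NO_SSL2) ..." and "#  define NO_SSL2" do not match.
# Underscores are kept as-is; a few option names use hyphens instead.
no_options_from_header() {
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_NO_\([A-Z0-9_]\{1,\}\).*$/\1/p' |
        tr 'A-Z' 'a-z' | sort -u | sed 's/^/no-/'
}

# Read "openssl version -a" output on stdin and print the Configure target
# (the value of the "platform:" line).
platform_from_version() {
    sed -n 's/^platform:[[:space:]]*//p'
}

# Constructed sample header, shaped like the grep output in the answer.
sample_header() {
    cat <<'EOF'
#ifndef OPENSSL_NO_RC5
# define OPENSSL_NO_RC5
#endif
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
#  define NO_SSL2
# endif
EOF
}

# Demo on the constructed sample. On a real system, run instead:
#   no_options_from_header < /path/to/include/openssl/opensslconf.h
#   openssl version -a | platform_from_version
sample_header | no_options_from_header
```

Before reusing the result, compare it with the same list taken from an untouched build of that OpenSSL version; whatever is left over was disabled explicitly.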