Communications (TCP/IP, MQ, APPC, HLLAPI, CICS) : Q: Where do I get OpenSSL Libraries from and how do I set them up for VA Smalltalk 8.6.2 and above?

Q: Where do I get OpenSSL Libraries from and how do I set them up for VA Smalltalk 8.6.2 and above?
Beginning with VA Smalltalk 8.6.2, a cryptographic feature is available alongside enhanced SSL/TLS support, both of which depend on the OpenSSL library. However, VA Smalltalk 8.6.2 and beyond will no longer ship with OpenSSL as part of the product.
Users not familiar with OpenSSL, and/or native library connectivity in VA Smalltalk, might be left wondering where to get OpenSSL and how to set it up for use with VA Smalltalk.
The following are instructions on how to setup and configure OpenSSL for use with VA Smalltalk.
VA Smalltalk 8.6.2 and above supports OpenSSL version >= 1.0.0. Anything below this version level is not only unsupported, but is known to be incompatible.
Some background and general description of what needs to be done is provided to get you comfortable with how this all works, but the impatient may wish to skip down to the specific platform sections.
Once you have completed all the steps, you can test VA Smalltalk's connectivity with OpenSSL by performing the following:
Choose ST: Socket Communications Interface to be loaded and press Ok.
Execute the following Smalltalk Code: OSSslVersion printStatusCheck
Check the Transcript to see if any errors were reported (nothing is printed if everything is ok).
OpenSSL is an open-source implementation of the SSL/TLS protocols written in C and distributed as two shared libraries.
The first library is generally referred to as the cryptographic library and includes a rich set of cryptographic primitives. Examples of cryptographic primitives are message digests, symmetric ciphers, public/private key algorithms, and secure random number generators. This shared library is used by VA Smalltalk's Cryptographic Support feature. On Windows this is named libeay32.dll. On Unix this is named
The second library implements the SSL/TLS protocol used for secure digital communications, such as HTTPS, and depends on the functionality from the cryptographic library. On Windows this is named ssleay32.dll. On Unix this is named
Connecting VA Smalltalk to OpenSSL
Before we look at how to acquire and setup OpenSSL for a specific platform, we are going to take a quick look at how this connection is made, since the concepts are identical across all platforms.
VA Smalltalk looks to the configuration file (i.e. abt.ini) to figure out how to form a connection with both the cryptographic and SSL/TLS libraries. Specifically, in the section called [PlatformLibrary Name Mappings] there are two entries of interest. The first one is called CRYPTO_LIB and should reference the name of the cryptographic library. The second one is SSL_LIB and should reference the name of the SSL/TLS library.
You will notice that in a default installation of VA Smalltalk, these names are already mapped. What does this mean? It means that if these libraries are located in your image directory, VA Smalltalk's binary directory (i.e. where the abt executable lives) or any of the system's default library paths, then VA Smalltalk will find it. An easy way to ensure this is the case is to make a copy of the cryptographic and SSL/TLS libraries and place them in VA Smalltalk's Binary directory. Doing it this way ensures you know exactly what library versions VA Smalltalk will be using and no modifications to the abt.ini file will be required.
In other situations, multiple versions of OpenSSL libraries may be installed on your system and you may wish to reference a specific version. In this case you can map a platform library name to an absolute path. For example, CRYPTO_LIB=/usr/lib/ssl/ If you do it this way, you want to be sure that both SSL_LIB and CRYPTO_LIB are using the same version of the OpenSSL library. Undefined behavior (most likely a random crash) can occur if you used the CRYPTO_LIB example above, but then set SSL_LIB=/usr/lib/ssl/
We will now go over acquiring OpenSSL for each platform and setup using the recommended way which can be summarized as follows:
i.e. libeay32.dll and ssleay32.dll on Windows
i.e. and on Unix/Linux
i.e. C:\Program Files (x86)\Instantiations\VA Smalltalk\8.6
i.e. /usr/local/VASmalltalk/8.6/bin
i.e. which you will want to rename the copy to
Windows binaries can be found from links at the following location:
If running on VA Smalltalk 32-bit, you will need the 32-bit OpenSSL libraries. VA Smalltalk 64-bit will require 64-bit OpenSSL libraries.
Example (VA Smalltalk 32-bit):
At the time of writing, this is
Unzip the downloaded file and copy libeay32.dll and ssleay32.dll to VA Smalltalk's Binary Directory
i.e. C:\Program Files (x86)\Instantiations\VA Smalltalk\8.6
There are many different distributions of Linux making it difficult to provide the exact commands for downloading OpenSSL, however the good news is that OpenSSL is readily available from the package management system of any given Linux distribution.
An important note is that if you have a 64-bit Linux distribution and you are running VA Smalltalk 32-bit, you will need to specifically request that the OpenSSL 32-bit libraries be installed. This is a common library issue on Linux and package manager specific. We can't cover them all here, but we will provide a few examples below. The recommended approach is to perform a simple web search for installing openssl on your specific flavor/bitness of Linux.
(OpenSSL 32-bit on Ubuntu 32-bit) apt-get install openssl
(OpenSSL 32-bit on Ubuntu 64-bit) apt-get install openssl:i386
(OpenSSL 32-bit on Fedora 32/64-bit) dnf install openssl.i686
Assuming you have installed OpenSSL on your Linux distribution, the next step is to find out where libcrypto and libssl are. We want to do this because we are going to copy them to the binary directory of VA Smalltalk. Again, since the locations of these libraries are going to be Linux distribution specific, it makes it difficult to say exactly where they are located. For example on Fedora 22 32-bit, they are located in /usr/lib. On Ubuntu 15.04 64-bit, the 32-bit OpenSSL libraries are located in /lib/i386-linux-gnu.
The universal approach is to use the 'find' command starting at the root directory. For example, the following can be used across all Unix/Linux flavors to identify where libssl is located: find / -name libssl* 2>/dev/null'. Once you find the location, libcrypto should be in the same directory. Below is a complete example on Ubuntu 15.04 64-bit.
Example (VA Smalltalk 32-bit on Ubuntu 15.04 64-bit):
i.e. cp /lib/i386-linux-gnu/ /usr/local/VASmalltalk/8.6/bin/
i.e. cp /lib/i386-linux-gnu/ /usr/local/VASmalltalk/8.6/bin/
Solaris 11 comes with OpenSSL 1.0.0 and is located in /usr/lib. Prior releases of Solaris come with versions of OpenSSL older than what VA Smalltalk 8.6.2 supports. In these cases, OpenSSL must be built from source or pre-built binaries can be acquired from third-party providers such as:
The example shows how to configure OpenSSL 1.0.2d for VA Smalltalk using pre-built binaries from
Example (VA Smalltalk 32-bit on Solaris 10 using pre-built binaries)
Go to: and login (requires an account)
i.e. cp /usr/local/ssl/lib/ /usr/local/VASmalltalk/8.6/bin/
i.e. cp /usr/local/ssl/lib/ /usr/local/VASmalltalk/8.6/bin/
We highly recommend using an updated version of OpenSSL that is distributed by IBM for AIX via fix packs to the openssl.base fileset. At the time of writing, these fixpacks can be found here:
AIX often distributes archive files that have embedded shared libraries. These shared libraries must be extracted so VA Smalltalk can use them.
The example below shows how to configure OpenSSL 1.0.0 for VA Smalltalk using the IBM supported libraries
Example (VA Smalltalk 32-bit on AIX 6.1)
i.e. cp /usr/ lib/ /usr/local/VASmalltalk/8.6/bin/
i.e. cp /usr/lib/ /usr/local/VASmalltalk/8.6/bin/