Communications (TCP/IP, MQ, APPC, HLLAPI, CICS) : Q: Where do I get OpenSSL Libraries from and how do I set them up for VA Smalltalk 8.6.2 and above?

Q: Where do I get OpenSSL Libraries from and how do I set them up for VA Smalltalk 8.6.2 and above?
Beginning with VA Smalltalk 8.6.2, a cryptographic feature is available alongside enhanced SSL/TLS support, both of which depend on the OpenSSL library. However, VA Smalltalk 8.6.2 and beyond will no longer ship with OpenSSL as part of the product.
Users not familiar with OpenSSL, and/or native library connectivity in VA Smalltalk, might be left wondering where to get OpenSSL and how to set it up for use with VA Smalltalk.
The following are instructions on how to setup and configure OpenSSL for use with VA Smalltalk.
Support Level:
VA Smalltalk 8.6.2 and above supports OpenSSL version 1.0.x. Anything below this version level is not just unsupported; it is known to be incompatible.
VA Smalltalk 8.6.3 and above supports OpenSSL version 1.1.0.
VA Smalltalk 9.1 and above supports OpenSSL version 1.1.1.
Some background and a general description of what needs to be done to connect VA Smalltalk to OpenSSL gets you comfortable with how this works, but the impatient may wish to skip down to the setup of the specific platform sections.
OpenSSL is an open-source implementation of the SSL/TLS protocols written in C and distributed as two shared libraries.
The first library is generally referred to as the cryptographic library and includes a rich set of cryptographic primitives. Examples of cryptographic primitives are message digests, symmetric ciphers, public/private key algorithms, and secure random number generators. This shared library is used by VA Smalltalk's Cryptographic Support feature.
C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\windows.gif
C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\aixicon.gif
The second library implements the SSL/TLS protocol used for secure digital communications, such as HTTPS, and depends on the functionality from the cryptographic library.
C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\windows.gif
C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\aixicon.gif
Connecting VA Smalltalk to OpenSSL
Before describing at how to acquire and setup OpenSSL for a specific platform, consider how this connection is made, since the concepts are identical across all platforms.
VA Smalltalk looks to the configuration file (i.e. abt.ini) to figure out how to form a connection with both the cryptographic and SSL/TLS libraries. Specifically, in the section called [PlatformLibrary Name Mappings] there are two entries of interest. The first one is called CRYPTO_LIB and should reference the name of the cryptographic library. The second one is SSL_LIB and should reference the name of the SSL/TLS library.
Notice that in a default installation of VA Smalltalk, these names are already mapped. This means that if these libraries are located in your image directory, VA Smalltalk's binary directory (i.e. where the abt executable lives) or any of the system's default library paths, then VA Smalltalk will find it. An easy way to ensure this is the case is to make a copy of the cryptographic and SSL/TLS libraries and place them in VA Smalltalk's Binary directory. This ensures you know exactly what library versions VA Smalltalk will be using and requires no modifications to the abt.ini file.
In other situations, multiple versions of OpenSSL libraries may be installed on your system and you may wish to reference a specific version. In this case you can map a platform library name to an absolute path. For example,
Be sure that both SSL_LIB and CRYPTO_LIB are using the same version of the OpenSSL library. Undefined behavior (most likely a random crash) can occur if you set the CRYPTO_LIB=/usr/lib/ssl/, but then set SSL_LIB=/usr/lib/ssl/
Set up
This section describes how to 1) acquire OpenSSL for each platform and 2) setup VA Smalltalkto connect to OpenSSL. The recommended way is summarized as follows:
i.e. libeay32.dll and ssleay32.dll on Windows if using OpenSSL version < 1.1.0
i.e. libcrypto.dll and libssl.dll on Windows if using OpenSSL version >= 1.1.0
i.e. and on Unix/Linux
e.g.. C:\Program Files (x86)\Instantiations\VA Smalltalk\8.6 on Windows
e.g.. /usr/local/VASmalltalk/8.6/bin on Unix/Linux
C:\Users\documentation\Documents\vastePublisher\stable\VAS Documentation Word\images\aixicon.gif
The version may appear as part of the name. In this case, discard the version in the abt.ini entry.for example, rename. to
The .dll or .so extension is implied in the abt.ini, so it is sufficient if the abt.ini entry just says libcrypto.
Windows binaries can be found from links at the following location:
VA Smalltalk 32-bit requires 32-bit OpenSSL libraries. VA Smalltalk 64-bit requires 64-bit OpenSSL libraries.
Example (VA Smalltalk 32-bit):
At the time of writing, this is
Unzip the downloaded file and copy libeay32.dll and ssleay32.dll to VA Smalltalk's Binary Directory.
e.g.. C:\Program Files (x86)\Instantiations\VA Smalltalk\8.6
There are many different distributions of Linux making it difficult to provide the exact commands for downloading OpenSSL; however the good news is that OpenSSL is readily available from the package management system of any given Linux distribution.
If you have a 64-bit Linux distribution and you are running VA Smalltalk 32-bit, you will need to specifically request that the OpenSSL 32-bit libraries be installed.
This is a common library issue on Linux with a package manager specific solution. The recommended approach is to perform a simple web search for installing OpenSSL on your specific flavor/bitness of Linux. Here are a few examples:
(OpenSSL 32-bit on Ubuntu 32-bit) apt-get install openssl
(OpenSSL 32-bit on Ubuntu 64-bit) apt-get install openssl:i386
(OpenSSL 32-bit on Fedora 32/64-bit) dnf install openssl.i686
Assuming you have installed OpenSSL on your Linux distribution, the next step is to locate libcrypto and libssl. This step is necessary in order to copy them to the binary directory of VA Smalltalk. Again, since the locations of these libraries are going to be Linux distribution specific, it is difficult to say exactly where they are located. For example
The universal approach is to use the 'find' command starting at the root directory. For example, the following can be used across all Unix/Linux flavors to identify where libssl is located:
find / -name libssl* 2>/dev/null'
libcrypto should be in the same directory as libssl. Below is a complete example on Ubuntu 15.04 64-bit.
Example (VA Smalltalk 32-bit on Ubuntu 15.04 64-bit):
sudo apt-get install openssl:i386
cp /lib/i386-linux-gnu/ /usr/local/VASmalltalk/8.6/bin/
cp /lib/i386-linux-gnu/ /usr/local/VASmalltalk/8.6/bin/
Solaris 11 comes with OpenSSL 1.0.0 and is located in /usr/lib. Prior releases of Solaris come with versions of OpenSSL older than what VA Smalltalk 8.6.2 supports. In these cases, OpenSSL must be built from source or pre-built binaries can be acquired from third-party providers such as:
The example shows how to configure OpenSSL 1.0.2d for VA Smalltalk using pre-built binaries from
Example (VA Smalltalk 32-bit on Solaris 10 using pre-built binaries)
Go to: and login (requires an account)
gunzip openssl-1.0.2d-sol10-sparc-local.gz
pkgadd -d openssl-1.0.2d-sol10-sparc-local
cp /usr/local/ssl/lib/ /usr/local/VASmalltalk/8.6/bin/
cp /usr/local/ssl/lib/ /usr/local/VASmalltalk/8.6/bin/
We highly recommend using an updated version of OpenSSL that is distributed by IBM for AIX via fix packs to the openssl.base fileset. At the time of writing, these fixpacks can be found here:
AIX often distributes archive files that have embedded shared libraries. These shared libraries must be extracted so VA Smalltalk can use them.
The example below shows how to configure OpenSSL 1.0.0 for VA Smalltalk using the IBM supported libraries.
Example (VA Smalltalk 32-bit on AIX 6.1)
cd /usr/lib
ar -x libssl.a
ar -x libcrypto.a
cp /usr/ lib/ /usr/local/VASmalltalk/8.6/bin/
cp /usr/lib/ /usr/local/VASmalltalk/8.6/bin/
Test connectivity
Once you have completed all the steps, you can test VA Smalltalk's connectivity with OpenSSL by performing the following:
Choose ST: Socket Communications Interface to be loaded and press Ok.
OSSslVersion printStatusCheck
Check the Transcript to see if any errors were reported. (Nothing is printed if everything is ok).
OSSslVersion getLibraryVersion
Common Problems
e.g.. Some Windows binaries name the shared libraries libcrypto-1_1.dll and libssl-1_1.dll instead of libcrypto.dll and libssl.dll. In this case, be sure that the name is accurately reflected in the ini file like so: