View openssl arguments

Question

Due to the heartbleed openssl vulnerability , I need to compile openssl from source.However i would like to know the argument that was passed at ./config phase so that I can use the same for the latest openssl .

What command should I use to get this detail ?

Do I need to regenerate my SSL cert for my site?

Answer 1

i would like to know the argument that was passed at ./config

As vcsjones stated (he should have answered), use openssl version -a for some (perhaps most?) of them:

$ /usr/local/ssl/darwin/bin/openssl version -a
OpenSSL 1.0.1g 7 Apr 2014
built on: Mon Apr 14 11:54:49 EDT 2014
platform: darwin64-x86_64-cc
options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -Wa,--noexecstack -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl/darwin"

Some options/arguments you will need to know how they got there. For example, for -fPIC and -DOPENSSL_PIC, I added export CFLAGS="-fPIC" before I compiled.

Others are simply missing. For example, I config'd with no-ssl2. That's found in <openssl/opensslconf.h>:

$ cat /usr/local/ssl/darwin/include/openssl/opensslconf.h | grep SSL2
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
#  define NO_SSL2
# endif