openssl: relocation error: openssl: symbol EVP_mdc2 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference

[HassanMullah]

Hello,

I am using an Ubuntu Server 18.04.4 LTS as an Apache reverse proxy. It had the OpenSSL version 1.1.1 installed and I wanted to update to the current 1.1.1d as well.

For this I followed the following instructions:
https://askubuntu.com/questions/1102803/how-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04

I have done the download etc. in the home directory of the user root

I just adjusted everything from 1.1.1a to 1.1.1d.
Everything went OK. At the end I made the one restart of the servers.

If I type "openssl version" now, I get the following error message:

openssl: relocation error: openssl: symbol EVP_mdc2 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference

What do I have to do to get the version and functionality displayed again?

Here still the output of
perl configdata.pm --dump

root@myserver:~/openssl-1.1.1d# perl configdata.pm --dump

Command line (with current working directory = .):

    /usr/bin/perl ./Configure linux-aarch64

Perl information:

    /usr/bin/perl
    5.26.1 for aarch64-linux-gnu-thread-multi

Enabled features:

    afalgeng
    aria
    asm
    async
    autoalginit
    autoerrinit
    autoload-config
    bf
    blake2
    buildtest-c\+\+
    camellia
    capieng
    cast
    chacha
    cmac
    cms
    comp
    ct
    deprecated
    des
    dgram
    dh
    dsa
    dtls
    dynamic-engine
    ec
    ec2m
    ecdh
    ecdsa
    engine
    err
    filenames
    gost
    hw(-.+)?
    idea
    md4
    mdc2
    multiblock
    nextprotoneg
    pinshared
    ocb
    ocsp
    pic
    poly1305
    posix-io
    psk
    rc2
    rc4
    rdrand
    rfc3779
    rmd160
    scrypt
    seed
    shared
    siphash
    sm2
    sm3
    sm4
    sock
    srp
    srtp
    sse2
    ssl
    static-engine
    stdio
    tests
    threads
    tls
    ts
    ui-console
    whirlpool
    tls1
    tls1-method
    tls1_1
    tls1_1-method
    tls1_2
    tls1_2-method
    tls1_3
    dtls1
    dtls1-method
    dtls1_2
    dtls1_2-method

Disabled features:

    asan                    [default]     OPENSSL_NO_ASAN
    crypto-mdebug           [default]     OPENSSL_NO_CRYPTO_MDEBUG
    crypto-mdebug-backtrace [default]     OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
    devcryptoeng            [default]     OPENSSL_NO_DEVCRYPTOENG
    ec_nistp_64_gcc_128     [default]     OPENSSL_NO_EC_NISTP_64_GCC_128
    egd                     [default]     OPENSSL_NO_EGD
    external-tests          [default]     OPENSSL_NO_EXTERNAL_TESTS
    fuzz-libfuzzer          [default]     OPENSSL_NO_FUZZ_LIBFUZZER
    fuzz-afl                [default]     OPENSSL_NO_FUZZ_AFL
    heartbeats              [default]     OPENSSL_NO_HEARTBEATS
    makedepend              [unavailable]
    md2                     [default]     OPENSSL_NO_MD2 (skip crypto/md2)
    msan                    [default]     OPENSSL_NO_MSAN
    rc5                     [default]     OPENSSL_NO_RC5 (skip crypto/rc5)
    sctp                    [default]     OPENSSL_NO_SCTP
    ssl-trace               [default]     OPENSSL_NO_SSL_TRACE
    ubsan                   [default]     OPENSSL_NO_UBSAN
    unit-test               [default]     OPENSSL_NO_UNIT_TEST
    weak-ssl-ciphers        [default]     OPENSSL_NO_WEAK_SSL_CIPHERS
    zlib                    [default]
    zlib-dynamic            [default]
    ssl3                    [default]     OPENSSL_NO_SSL3
    ssl3-method             [default]     OPENSSL_NO_SSL3_METHOD

Config target attributes:

    AR => "ar",
    ARFLAGS => "r",
    CC => "gcc",
    CFLAGS => "-Wall -O3",
    CXX => "g++",
    CXXFLAGS => "-Wall -O3",
    HASHBANGPERL => "/usr/bin/env perl",
    RANLIB => "ranlib",
    RC => "windres",
    aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
    aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o",
    apps_aux_src => "",
    apps_init_src => "",
    apps_obj => "",
    bf_asm_src => "bf_enc.c",
    bf_obj => "bf_enc.o",
    bn_asm_src => "bn_asm.c armv8-mont.S",
    bn_obj => "bn_asm.o armv8-mont.o",
    bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
    build_file => "Makefile",
    build_scheme => [ "unified", "unix" ],
    cast_asm_src => "c_enc.c",
    cast_obj => "c_enc.o",
    cflags => "-pthread",
    chacha_asm_src => "chacha-armv8.S",
    chacha_obj => "chacha-armv8.o",
    cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c",
    cmll_obj => "camellia.o cmll_misc.o cmll_cbc.o",
    cppflags => "",
    cpuid_asm_src => "armcap.c arm64cpuid.S",
    cpuid_obj => "armcap.o arm64cpuid.o",
    cxxflags => "-std=c++11 -pthread",
    defines => [  ],
    des_asm_src => "des_enc.c fcrypt_b.c",
    des_obj => "des_enc.o fcrypt_b.o",
    disable => [  ],
    dso_extension => ".so",
    dso_scheme => "dlfcn",
    ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
    ec_obj => "ecp_nistz256.o ecp_nistz256-armv8.o",
    enable => [ "afalgeng" ],
    ex_libs => "-ldl -pthread",
    exe_extension => "",
    includes => [  ],
    keccak1600_asm_src => "keccak1600-armv8.S",
    keccak1600_obj => "keccak1600-armv8.o",
    lflags => "",
    lib_cflags => "",
    lib_cppflags => "-DOPENSSL_USE_NODELETE",
    lib_defines => [  ],
    md5_asm_src => "",
    md5_obj => "",
    modes_asm_src => "ghashv8-armx.S",
    modes_obj => "ghashv8-armx.o",
    module_cflags => "-fPIC",
    module_cxxflags => "",
    module_ldflags => "-Wl,-znodelete -shared -Wl,-Bsymbolic",
    padlock_asm_src => "",
    padlock_obj => "",
    perlasm_scheme => "linux64",
    poly1305_asm_src => "poly1305-armv8.S",
    poly1305_obj => "poly1305-armv8.o",
    rc4_asm_src => "rc4_enc.c rc4_skey.c",
    rc4_obj => "rc4_enc.o rc4_skey.o",
    rc5_asm_src => "rc5_enc.c",
    rc5_obj => "rc5_enc.o",
    rmd160_asm_src => "",
    rmd160_obj => "",
    sha1_asm_src => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
    sha1_obj => "sha1-armv8.o sha256-armv8.o sha512-armv8.o",
    shared_cflag => "-fPIC",
    shared_defflag => "-Wl,--version-script=",
    shared_defines => [  ],
    shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
    shared_extension_simple => ".so",
    shared_ldflag => "-Wl,-znodelete -shared -Wl,-Bsymbolic",
    shared_rcflag => "",
    shared_sonameflag => "-Wl,-soname=",
    shared_target => "linux-shared",
    thread_defines => [  ],
    thread_scheme => "pthreads",
    unistd => "<unistd.h>",
    uplink_aux_src => "",
    uplink_obj => "",
    wp_asm_src => "wp_block.c",
    wp_obj => "wp_block.o",

Recorded environment:

    AR =
    ARFLAGS =
    AS =
    ASFLAGS =
    BUILDFILE =
    CC =
    CFLAGS =
    CPP =
    CPPDEFINES =
    CPPFLAGS =
    CPPINCLUDES =
    CROSS_COMPILE =
    CXX =
    CXXFLAGS =
    HASHBANGPERL =
    LD =
    LDFLAGS =
    LDLIBS =
    MT =
    MTFLAGS =
    OPENSSL_LOCAL_CONFIG_DIR =
    PERL =
    RANLIB =
    RC =
    RCFLAGS =
    RM =
    WINDRES =
    __CNF_CFLAGS =
    __CNF_CPPDEFINES =
    __CNF_CPPFLAGS =
    __CNF_CPPINCLUDES =
    __CNF_CXXFLAGS =
    __CNF_LDFLAGS =
    __CNF_LDLIBS =

Makevars:

    AR              = ar
    ARFLAGS         = r
    CC              = gcc
    CFLAGS          = -Wall -O3
    CPPDEFINES      =
    CPPFLAGS        =
    CPPINCLUDES     =
    CXX             = g++
    CXXFLAGS        = -Wall -O3
    HASHBANGPERL    = /usr/bin/env perl
    LDFLAGS         =
    LDLIBS          =
    PERL            = /usr/bin/perl
    RANLIB          = ranlib
    RC              = windres
    RCFLAGS         =

NOTE: These variables only represent the configuration view.  The build file
template may have processed these variables further, please have a look at the
build file for more exact data:
    Makefile

build file:

    Makefile

build file templates:

    Configurations/common0.tmpl
    Configurations/unix-Makefile.tmpl
    Configurations/common.tmpl
root@myserver:~/openssl-1.1.1d#

I'm not a linux pro now and with Openssl I'm also more rudimentary on the road. Please just send me the commands which I have to type in, so that this is OK again.

Thanks a lot

[romen]

Many of the binary packages provided by most Linux distributions contain programs and libraries that are linked against the specific version of openssl that the distribution provides as a package.

As such the openssl/libssl/libcrypto packages should be considered as system packages and it is not advisable to replace them with installations from sources if you don't know exactly what you are doing.

Ubuntu 18.04 since the last quarter of last year should ship with openssl 1.1.1, so the most advisable solution is to undo your manual installation and reinstall the distribution packages

[levitte]

If you insist, though, it's possible that the ldconfig command didn't do the job you expected. That depends on if /usr/local/lib is given in any of /etc/ld.so.conf and /etc/ld.so.conf.d/*

[HassanMullah]

hello levitte, this is my result. What exactly do I have to do now to get the links clean?

`root@myserver:/# cat /etc/ld.so.conf
include /etc/ld.so.conf.d/*.conf

root@myserver:/# cat /etc/ld.so.conf.d/*

Multiarch support

/usr/local/lib/aarch64-linux-gnu
/lib/aarch64-linux-gnu
/usr/lib/aarch64-linux-gnu
/usr/lib/aarch64-linux-gnu/libfakeroot

libc default configuration

/usr/local/lib
root@myserver:/#`

[levitte]

I have no clue. So it might be better to update the installation, since 18.04 now has 1.1.1.

[kapesch]

I did compile Open SSL 1.1.1 from source:
./config
make
make install
and got the same error message. I got rid using the command
make uninstall

[Havoc24k]

ldconfig fixed the issue for me

cat /etc/lsb-release

DISTRIB_ID=elementary
DISTRIB_RELEASE=5.1.3
DISTRIB_CODENAME=hera
DISTRIB_DESCRIPTION="elementary OS 5.1.3 Hera"

[HassanMullah]

ldconfig fixed the issue for me

cat /etc/lsb-release

DISTRIB_ID=elementary
DISTRIB_RELEASE=5.1.3
DISTRIB_CODENAME=hera
DISTRIB_DESCRIPTION="elementary OS 5.1.3 Hera"

Hello Havoc24k, did you have the same mistake? If so, what exactly did you do?

[Havoc24k]

ldconfig fixed the issue for me
cat /etc/lsb-release

DISTRIB_ID=elementary
DISTRIB_RELEASE=5.1.3
DISTRIB_CODENAME=hera
DISTRIB_DESCRIPTION="elementary OS 5.1.3 Hera"

Hello Havoc24k, did you have the same mistake? If so, what exactly did you do?

Hello. I compiled OpenSSL 1.1.1 from source. At first I got the same error. Then I run ldconfig I was able to use the openssl command with no error.

[HassanMullah]

Do you just run ldconfig without any parameter?

[Havoc24k]

Yes because I installed the openssl lib on the standard lib directory. Maybe your installation differs and you need to run the ldconfig command with extra parameters which specify what folders to check to find the new libraries. See the command parameters that ldconfig supports and run it again with the path parameter pointing to where the openssl library is located.

[mattcaswell]

I will reiterate the point made by @romen above:

Many of the binary packages provided by most Linux distributions contain programs and libraries that are linked against the specific version of openssl that the distribution provides as a package.

As such the openssl/libssl/libcrypto packages should be considered as system packages and it is not advisable to replace them with installations from sources if you don't know exactly what you are doing.

Running ldconfig in the way suggested may cause system packages to start trying to use your custom built OpenSSL which could break stuff. Tread carefully.

[HassanMullah]

OK, then how about the detailed procedure to remove the self-compiled OpenSSL package here and re-enable that of Ubuntu Server 18.04 LTS?

[romen]

I just wanted to comment that you must be aware that many distributions consider openssl, libssl and libcrypto system packages as they are dependencies for their own system tools and many other packages depend on them.

Installing your manual compilation of openssl in place of the distributed packages is risky business: distro maintainers might be patching their openssl release in a way that makes things binary incompatible with a vanilla version of openssl, even within releases of the same branch (in this case 1.1.1), so other packages depending on openssl, libcrypto or libssl might start crashing and failing if you go ahead and replace the system version of openssl with your custom installation.

To test a new version or to build other applications based on a more recent version of openssl, the recommended way is to install it in a custom path where it won't affect the general system and compile other software against your custom install path.

Altering ldconfig or LD_LIBRARY_PATH indiscriminately for the whole system to point to your custom install location will create the same problems, so you should alter them only for the applications that have been compiled against your custom installation (or use runpath/rpath at linking time so that the compiled software embeds hints on the custom library search path).

[romen]

OK, then how about the detailed procedure to remove the self-compiled OpenSSL package here and re-enable that of Ubuntu Server 18.04 LTS?

If you installed in /usr/local a sudo make uninstall from the directory in which your configured and built openssl should suffice to remove your custom installation.

If you installed somewhere else overwriting the files provided by Ubuntu packages, then this can be risky as apt might depend on libssl to download packages.

You might want to make sure that for any installed openssl package (I guess Ubuntu has one for the binary tool, one for libssl and one for libcrypto, plus the -dev and - dbg, and multiarch counterparts available) you have a local package to force reinstall from.
So you should check exactly what packages are installed according to your package manager and download the deb files in advance in case you need to force a manual local reinstallation.

Anyway, the best way to get proper support on how to restore your distro installation after manually overwriting files for the system packages is to ask it on the distro support channels!

[anil510]

ldconfig fixed the issue for me

Hello Havoc24k, did you have the same mistake? If so, what exactly did you do?

Hello, I solved this by following step.

Added /usr/lib to the file /etc/ld.so.conf.d/libc.conf and ran the command ldconfig. It solved the issue.

Earlier the error was

openssl version

openssl: relocation error: openssl: symbol EVP_mdc2 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference

Once the solution applied, the error gone.

openssl version

OpenSSL 1.1.1f 31 Mar 2020

[sanchil]

ldconfig fixed the issue for me

Hello Havoc24k, did you have the same mistake? If so, what exactly did you do?

Hello, I solved this by following step.

Added /usr/lib to the file /etc/ld.so.conf.d/libc.conf and ran the command ldconfig. It solved the issue.

Earlier the error was

openssl version

openssl: relocation error: openssl: symbol EVP_mdc2 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference

Once the solution applied, the error gone.

openssl version

OpenSSL 1.1.1f 31 Mar 2020

Task: Trying to build nginx 1.19.1 from source and trying to build and install openssl1.1.1g on top of existing version openssl1.1.1f
Os: Linux Mint 20 and existing version openssl1.1.1f
instructions for openssl build and install :
./config
make
sudo make install

Error seen on running "openssl version" command as below:

openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0

Resolution: add the following entry /usr/lib to /etc/ld.so.conf.d/libc.conf file and run command 'ldconfig'
$ldconfig
check openssl version and it must show openssl1.1.1g
thnx a lot to the guys here for resolving it for me.

[sanchil]

Alternatively the following also may work, though I never tried it ...
when building openssl from source, for linux mint 20 os, try

./config --prefix=/usr/local/lib
make
sudo make install

or

try manually copying the libcrypt and libssl library files to whereever openssl is searching for. this of course is the least desirable solution/option.

[twghu]

After testing with LDFLAGS and various options to ./config this was simplest for running and debugging. Forcing the use of the libraries in the build folder rather than the system ones which cause the error.

./config -d -g3 -ggdb -O0
make
env LD_LIBRARY_PATH=`pwd` apps/openssl
OpenSSL> 

Likely there are more "conventional" options for setting up Configure, this just seems the least impact for testing and debugging.

Checking library dependencies:

ldd apps/openssl
        linux-vdso.so.1 (0x00007ffce23f7000)
        **libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fae95140000)
        libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fae94e6a000)**
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fae94e47000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fae94c55000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fae94c4f000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fae952c1000)

env LD_LIBRARY_PATH=`pwd` ldd apps/openssl
        linux-vdso.so.1 (0x00007ffdc458e000)
        libssl.so.1.1 => /home/fozziebear/github/openssl/openssl/libssl.so.1.1 (0x00007f9fbd963000)
        libcrypto.so.1.1 => /home/fozziebear/eng/github/openssl/openssl/libcrypto.so.1.1 (0x00007f9fbd616000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f9fbd5e1000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f9fbd3ef000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f9fbd3e9000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f9fbdaf9000)](url)

An interesting solution to libraries locations in general was presented in this article

patchelf apps/openssl --replace-needed libssl.so.1.1 ./libssl.so.1.1
patchelf apps/openssl --replace-needed libcrypto.so.1.1 ./libcrypto.so.1.1
ldd apps/openssl
        linux-vdso.so.1 (0x00007ffda9fa5000)
        **./libssl.so.1.1 (0x00007fb3bafb1000)
        ./libcrypto.so.1.1 (0x00007fb3bac64000)**
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb3bac2f000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb3baa3d000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb3baa37000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fb3bb2dc000)
env LD_LIBRARY_PATH=`pwd` apps/openssl
OpenSSL> 

This seems cleaner than copying/moving system library files around or running make/install when debugging/testing before final build.

[Obad94]

sudo ldconfig solved my problem.

[lc11535]

ldconfig fixed the issue for me

Hello Havoc24k, did you have the same mistake? If so, what exactly did you do?

Hello, I solved this by following step.

Added /usr/lib to the file /etc/ld.so.conf.d/libc.conf and ran the command ldconfig. It solved the issue.

Earlier the error was

openssl version

openssl: relocation error: openssl: symbol EVP_mdc2 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference

Once the solution applied, the error gone.

openssl version

OpenSSL 1.1.1f 31 Mar 2020

this method is useful...... thank you!

[kaduk]

For what it's worth, my understanding is that /usr/lib need not be explicitly listed in /etc/ld.so.conf.d/*, so that just running ldconfig (as root) without editing the file should have worked as well.

[nick2525]

openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0, I tried ldconfig, move libraries, edit /etc/ld.so.conf.d/libc.conf, did't worked for me, I have ubuntu 20.04 lts in docker. Maybe you can add new version in backports?

[saddam1995]

Run error code 404,500

[johnhemming]

Another vote for sudo ldconfig sorting it out.

[levitte]

@kaduk spoke thusly:

For what it's worth, my understanding is that /usr/lib need not be explicitly listed in /etc/ld.so.conf.d/*, so that just running ldconfig (as root) without editing the file should have worked as well.

And for OpenSSL installations in /usr/local, it's simple to add a local file (say, /etc/ld.so.conf.d/local.conf with this content:

/usr/local/lib

(not necessary on Debian systems, at least those I have access to, as this comes with the package libc-bin)

[Lebhoryi]

Yes because I installed the openssl lib on the standard lib directory. Maybe your installation differs and you need to run the ldconfig command with extra parameters which specify what folders to check to find the new libraries. See the command parameters that ldconfig supports and run it again with the path parameter pointing to where the openssl library is located.

thx, it help me

install: ./config --prefix=/usr/local/openssl, somy openssl package is in /usr/local/openssl,

add lib path: echo '/usr/local/openssl/lib' >> /etc/ld.so.conf.d/libc.conf

then: ldconfig

it is okay for me.

my PC: Ubuntu20.04

[elcheco]

@Lebhoryi what version have you been compiling?

I am trying to compile latest version: OpenSSL_1_1_1m

I tried with --prefix=/usr/local/openssl and without prefix, I updated /etc/ld.so.conf.d/libc.conf
running ldconfig....

Always I get:

openssl version -a    
openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0

[elcheco]

We're using Laravel Homeastead, so I created after.sh, which recompiles openssl to the latest version. but it could be called also on other Ubuntu 20.04 ARM64. It solves the issues with messages like: openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0

Compile OpenSSL 1.1.1m on Laravel Homestead

[Lebhoryi]

@elcheco the key is adding lib path, pls try again,

[kamrankausar]

Ubuntu 20.04
Getting same error, but when get the openssl version using sudo, then its working, getting below error using normal user
openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0

[fesarlis]

I added lib64 in openssl.conf and ran ldconfig. Adding lib causes the error described here.

[boywijnmaalen]

I'm having the same error.

my use-case is having all versions of OpenSSL installed on one system (it's a test system as I also have multiple versions of Curl - each using a separate version of OpenSSL).

I also ran into this error (for each installed OpenSSL version).

The error comes from the fact that (if not specified) the OpenSSL binary will look for a shared library (that's why editing /etc/ld.so.conf.d/libc.conf works, because you tell the system to look for shared libs elsewhere as well).

I solved it by during compiling saying I do not want to use the shared OpenSSL Security library (the one that comes from the dist, íf /etc/ld.so.conf.d/libc.conf has no additional values). Perhaps superfluous to note; but linking OpenSSL against random versions of a security library is not a good idea.

I used RPATH to help me with this. RPATH is (I think) the default on BSD systems but not Ubuntu, you have to specify it manually. I found this option somewhere in the OpenSSL wiki.

The following line solved my use-case for having independent versions of OpenSSL;

(version 1.1.1b is simply an example)
./config -Wl,-rpath="/usr/local/openssl/openssl-1.1.1b/lib" -Wl,--enable-new-dtags --prefix="/usr/local/openssl/openssl-1.1.1b" --openssldir="/usr/local/openssl/openssl-1.1.1b/ssl"

• the path is variable and can be changed, I guess some people prefer the /opt folder
• more arguments can be added if you will (e.g. threads or enable-ssl3)