
    Linux:openssl升级

    Adamhuan发表于 2016-08-23 02:28:48

    首先,查看下当前的openssl的版本:

    [root@mysql-1 ~]# openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013
    [root@mysql-1 ~]# 
    [root@mysql-1 ~]# rpm -qa | grep openssl
    openssl-1.0.1e-48.el6.x86_64
    [root@mysql-1 ~]#

    可以看到,当前版本是:1.0.1 e。

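    OpenSSL的官方网站是:https://www.openssl.org/source/
    当前的最新版本是:1.0.1 t(指本文写作时;1.0.1 系列此后已停止维护,实际操作时应选用仍受支持的版本)。
    Download Link:
    https://www.openssl.org/source/openssl-1.0.1t.tar.gz
    下载后应先核对官方公布的 SHA256 校验值或 PGP 签名,确认压缩包未被篡改,再上传到服务器并以 root 身份编译安装。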

    下载,然后上传服务器:

    [root@mysql-1 ~]# cd /software/openssl/
    [root@mysql-1 openssl]# ls -ltr
    total 4452
    -rw-r--r-- 1 root root 4556447 Aug 23 12:01 openssl-1.0.1t.tar.gz
    [root@mysql-1 openssl]# 
    [root@mysql-1 openssl]# du -sh *
    4.4M	openssl-1.0.1t.tar.gz
    [root@mysql-1 openssl]#

    安装前:

    [root@mysql-1 openssl]# whereis openssl
    openssl: /usr/bin/openssl /usr/lib64/openssl /usr/share/man/man1/openssl.1ssl.gz
    [root@mysql-1 openssl]# 
    [root@mysql-1 openssl]# ls -ltr /usr/bin | grep --color openssl
    -rwxr-xr-x  1 root root     548184 May  9 22:56 openssl
    [root@mysql-1 openssl]# 
    [root@mysql-1 openssl]# ls -ltr /usr/lib64/ | grep --color openssl
    drwxr-xr-x.  3 root root     4096 Aug 22 22:49 openssl
    [root@mysql-1 openssl]#

    源码包编译安装。

    解压:

    [root@mysql-1 openssl]# ls
    openssl-1.0.1t.tar.gz
    [root@mysql-1 openssl]# 
    [root@mysql-1 openssl]# tar -xzf openssl-1.0.1t.tar.gz 
    [root@mysql-1 openssl]# ls -ltr
    total 4456
    -rw-r--r--  1 root root 4556447 Aug 23 12:01 openssl-1.0.1t.tar.gz
    drwxr-xr-x 21 root root    4096 Aug 23 12:03 openssl-1.0.1t
    [root@mysql-1 openssl]# du -sh
    31M	.
    [root@mysql-1 openssl]# du -sh *
    27M	openssl-1.0.1t
    4.4M	openssl-1.0.1t.tar.gz
    [root@mysql-1 openssl]# 
    [root@mysql-1 openssl]# cd openssl-1.0.1t
    [root@mysql-1 openssl-1.0.1t]# ls
    ACKNOWLEDGMENTS  config        e_os2.h        INSTALL.MacOS  LICENSE          ms            README         tools
    apps             Configure     e_os.h         INSTALL.NW     MacOS            Netware       README.ASN1    util
    appveyor.yml     CONTRIBUTING  FAQ            INSTALL.OS2    Makefile         NEWS          README.ENGINE  VMS
    bugs             crypto        include        INSTALL.VMS    Makefile.bak     openssl.doxy  shlib
    certs            demos         INSTALL        INSTALL.W32    Makefile.org     openssl.spec  ssl
    CHANGES          doc           install.com    INSTALL.W64    Makefile.shared  os2           test
    CHANGES.SSLeay   engines       INSTALL.DJGPP  INSTALL.WCE    makevms.com      PROBLEMS      times
    [root@mysql-1 openssl-1.0.1t]# 
    [root@mysql-1 openssl-1.0.1t]# ls -ltr
    total 1084
    -rw-rw-r--  1 root root   6279 May  3 21:38 LICENSE
    -rw-rw-r--  1 root root     84 May  3 21:38 FAQ
    drwxr-xr-x  2 root root   4096 May  3 21:44 VMS
    drwxr-xr-x  2 root root   4096 May  3 21:44 shlib
    -rw-rw-r--  1 root root  16100 May  3 21:44 README.ENGINE
    -rw-rw-r--  1 root root   7699 May  3 21:44 README.ASN1
    -rw-rw-r--  1 root root   8705 May  3 21:44 PROBLEMS
    drwxr-xr-x  2 root root   4096 May  3 21:44 os2
    -rw-rw-r--  1 root root    137 May  3 21:44 openssl.doxy
    drwxr-xr-x  2 root root   4096 May  3 21:44 Netware
    drwxr-xr-x  2 root root   4096 May  3 21:44 ms
    drwxr-xr-x  3 root root   4096 May  3 21:44 MacOS
    -rw-rw-r--  1 root root   3263 May  3 21:44 INSTALL.WCE
    -rw-rw-r--  1 root root   2166 May  3 21:44 INSTALL.W64
    -rw-rw-r--  1 root root  11879 May  3 21:44 INSTALL.W32
    -rw-rw-r--  1 root root  10966 May  3 21:44 INSTALL.VMS
    -rw-rw-r--  1 root root    744 May  3 21:44 INSTALL.OS2
    -rw-rw-r--  1 root root  18859 May  3 21:44 INSTALL.NW
    -rw-rw-r--  1 root root   3264 May  3 21:44 INSTALL.MacOS
    -rw-rw-r--  1 root root   2053 May  3 21:44 INSTALL.DJGPP
    -rw-rw-r--  1 root root   3709 May  3 21:44 install.com
    -rw-rw-r--  1 root root  14661 May  3 21:44 INSTALL
    drwxr-xr-x 16 root root   4096 May  3 21:44 demos
    -rw-rw-r--  1 root root   1618 May  3 21:44 CONTRIBUTING
    -rw-rw-r--  1 root root  42751 May  3 21:44 CHANGES.SSLeay
    drwxr-xr-x  4 root root   4096 May  3 21:44 certs
    drwxr-xr-x  2 root root   4096 May  3 21:44 bugs
    -rw-rw-r--  1 root root   1289 May  3 21:44 appveyor.yml
    -rw-rw-r--  1 root root     87 May  3 21:44 ACKNOWLEDGMENTS
    drwxr-xr-x  3 root root   4096 May  3 21:49 util
    drwxr-xr-x  5 root root   4096 May  3 21:49 times
    -rwxrwxr-x  1 root root  39979 May  3 21:49 makevms.com
    -rw-rw-r--  1 root root  21944 May  3 21:49 Makefile.shared
    -rw-rw-r--  1 root root  23098 May  3 21:49 Makefile.org
    -rw-rw-r--  1 root root  25092 May  3 21:49 e_os.h
    -rw-rw-r--  1 root root  10949 May  3 21:49 e_os2.h
    drwxr-xr-x  6 root root   4096 May  3 21:49 doc
    -rwxrwxr-x  1 root root 107046 May  3 21:49 Configure
    -rwxrwxr-x  1 root root  28381 May  3 21:49 config
    drwxr-xr-x  2 root root   4096 May  3 21:49 include
    drwxr-xr-x  2 root root   4096 May  3 21:49 ssl
    -rw-rw-r--  1 root root   4123 May  3 21:49 README
    -rw-rw-r--  1 root root   7929 May  3 21:49 openssl.spec
    -rw-rw-r--  1 root root  32526 May  3 21:49 NEWS
    -rw-rw-r--  1 root root  24311 May  3 21:49 Makefile.bak
    drwxr-xr-x  4 root root   4096 May  3 21:49 engines
    -rw-rw-r--  1 root root 466258 May  3 21:49 CHANGES
    -rw-rw-r--  1 root root  23692 May  3 21:49 Makefile
    drwxr-xr-x  2 root root   4096 May  3 21:49 tools
    drwxr-xr-x 59 root root   4096 May  3 21:49 crypto
    drwxr-xr-x  5 root root   4096 May  3 21:49 apps
    drwxr-xr-x  4 root root   4096 Aug 23 12:03 test
    [root@mysql-1 openssl-1.0.1t]#

    配置:./config。

    [root@mysql-1 openssl-1.0.1t]# ./config shared zlib-dynamic
    (.. ... 过多的输出。)
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/test'
    make[1]: Nothing to be done for `links'.
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/test'
    making links in tools...
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/tools'
    make[1]: Nothing to be done for `links'.
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/tools'
    generating dummy tests (if needed)...
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/test'
    md2test.c => dummytest.c
    rc5test.c => dummytest.c
    jpaketest.c => dummytest.c
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/test'
    
    Configured for linux-x86_64.
    
    *** Because of configuration changes, you MUST do the following before
    *** building:
    
    	make depend
    [root@mysql-1 openssl-1.0.1t]#

    安装需要的软件包:

    [root@mysql-1 openssl-1.0.1t]# rpm -qa | grep --color gcc
    libgcc-4.4.7-17.el6.x86_64
    [root@mysql-1 openssl-1.0.1t]# yum install -y gcc
    (... ...过多的输出。)
    [root@mysql-1 openssl-1.0.1t]# yum install -y zlib-devel
    (... ...过多的输出。)

    编译:make(按上面 ./config 输出的提示,配置变更后应先执行 make depend,再执行 make;本文的操作记录中没有执行这一步)。

    [root@mysql-1 openssl-1.0.1t]# make
    (... ...过多的输出。)
    make[2]: Entering directory `/software/openssl/openssl-1.0.1t/test'
    make[2]: Leaving directory `/software/openssl/openssl-1.0.1t/test'
    gcc -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM   -c -o dummytest.o dummytest.c
    make[2]: Entering directory `/software/openssl/openssl-1.0.1t/test'
    make[2]: Leaving directory `/software/openssl/openssl-1.0.1t/test'
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/test'
    making all in tools...
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/tools'
    make[1]: Nothing to be done for `all'.
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/tools'
    [root@mysql-1 openssl-1.0.1t]#

    安装:make install。

    [root@mysql-1 openssl-1.0.1t]# make install
    (... ... 过多的输出。)
    T -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM" in \
    			*DSO_BEOS*) sfx=".so";; \
    			*DSO_DLFCN*) sfx=`expr ".so.1.0.0" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
    			*DSO_DL*) sfx=".sl";; \
    			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
    			*) sfx=".bad";; \
    			esac; \
    			cp ${pfx}gost$sfx /usr/local/ssl/lib/engines/${pfx}gost$sfx.new; \
    		else \
    			sfx=".so"; \
    			cp cyggost.dll /usr/local/ssl/lib/engines/${pfx}gost$sfx.new; \
    		fi; \
    		chmod 555 /usr/local/ssl/lib/engines/${pfx}gost$sfx.new; \
    		mv -f /usr/local/ssl/lib/engines/${pfx}gost$sfx.new /usr/local/ssl/lib/engines/${pfx}gost$sfx; \
    	fi
    installing gost
    make[2]: Leaving directory `/software/openssl/openssl-1.0.1t/engines/ccgost'
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/engines'
    making install in apps...
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/apps'
    installing openssl
    installing CA.sh
    installing CA.pl
    installing tsget
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/apps'
    making install in test...
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/test'
    make[1]: Nothing to be done for `install'.
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/test'
    making install in tools...
    make[1]: Entering directory `/software/openssl/openssl-1.0.1t/tools'
    make[1]: Leaving directory `/software/openssl/openssl-1.0.1t/tools'
    installing libcrypto.a
    installing libssl.a
    installing libcrypto.so.1.0.0
    installing libssl.so.1.0.0
    make[1]: Entering directory `/usr/local/ssl/lib'
    make[2]: Entering directory `/usr/local/ssl/lib'
    make[2]: Leaving directory `/usr/local/ssl/lib'
    make[2]: Entering directory `/usr/local/ssl/lib'
    make[2]: Leaving directory `/usr/local/ssl/lib'
    make[1]: Leaving directory `/usr/local/ssl/lib'
    OpenSSL shared libraries have been installed in:
      /usr/local/ssl
    
    If this directory is not in a standard system path for dynamic/shared
    libraries, then you will have problems linking and executing
    applications that use OpenSSL libraries UNLESS:
    
    * you link with static (archive) libraries.  If you are truly
      paranoid about security, you should use static libraries.
    * you use the GNU libtool code during linking
      (http://www.gnu.org/software/libtool/libtool.html)
    * you use pkg-config during linking (this requires that
      PKG_CONFIG_PATH includes the path to the OpenSSL shared
      library directory), and make use of -R or -rpath.
      (http://www.freedesktop.org/software/pkgconfig/)
    * you specify the system-wide link path via a command such
      as crle(1) on Solaris systems.
    * you add the OpenSSL shared library directory to /etc/ld.so.conf
      and run ldconfig(8) on Linux systems.
    * you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
      DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
      environment variable and add the OpenSSL shared library
      directory to it.
    
    One common tool to check the dynamic dependencies of an executable
    or dynamic library is ldd(1) on most UNIX systems.
    
    See any operating system documentation and manpages about shared
    libraries for your version of UNIX.  The following manpages may be
    helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
    ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
    chatr(1) [HP].
    cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
    chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
    cp libssl.pc /usr/local/ssl/lib/pkgconfig
    chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
    cp openssl.pc /usr/local/ssl/lib/pkgconfig
    chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
    [root@mysql-1 openssl-1.0.1t]#

    安装成功。

    通过上面的命令反馈结果:

    OpenSSL shared libraries have been installed in:
      /usr/local/ssl
    
    If this directory is not in a standard system path for dynamic/shared
    libraries, then you will have problems linking and executing
    applications that use OpenSSL libraries UNLESS:
    
    * you link with static (archive) libraries.  If you are truly
      paranoid about security, you should use static libraries.
    * you use the GNU libtool code during linking
      (http://www.gnu.org/software/libtool/libtool.html)
    * you use pkg-config during linking (this requires that
      PKG_CONFIG_PATH includes the path to the OpenSSL shared
      library directory), and make use of -R or -rpath.
      (http://www.freedesktop.org/software/pkgconfig/)
    * you specify the system-wide link path via a command such
      as crle(1) on Solaris systems.
    * you add the OpenSSL shared library directory to /etc/ld.so.conf
      and run ldconfig(8) on Linux systems.
    * you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
      DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
      environment variable and add the OpenSSL shared library
      directory to it.
    
    One common tool to check the dynamic dependencies of an executable
    or dynamic library is ldd(1) on most UNIX systems.
    
    See any operating system documentation and manpages about shared
    libraries for your version of UNIX.  The following manpages may be
    helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
    ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
    chatr(1) [HP].

    我们可以知道:
    openssl,被安装到了:/usr/local/ssl.

    查看一下:

    [root@mysql-1 ~]# ls /usr/local/ | grep --color ssl
    ssl
    [root@mysql-1 ~]# 
    [root@mysql-1 ~]# ls -ltr /usr/local/ | grep --color ssl
    drwxr-xr-x  9 root root 4096 Aug 23 12:12 ssl
    [root@mysql-1 ~]# 
    [root@mysql-1 ~]# ls -ltr /usr/local/ssl/
    total 40
    drwxr-xr-x 6 root root  4096 Aug 23 12:11 man
    drwxr-xr-x 2 root root  4096 Aug 23 12:12 private
    drwxr-xr-x 3 root root  4096 Aug 23 12:12 include
    drwxr-xr-x 2 root root  4096 Aug 23 12:12 certs
    -rw-r--r-- 1 root root 10835 Aug 23 12:12 openssl.cnf
    drwxr-xr-x 2 root root  4096 Aug 23 12:12 bin
    drwxr-xr-x 2 root root  4096 Aug 23 12:12 misc
    drwxr-xr-x 4 root root  4096 Aug 23 12:12 lib
    [root@mysql-1 ~]# 
    [root@mysql-1 ~]# ls /usr/local/ssl/bin/
    c_rehash  openssl   
    [root@mysql-1 ~]# /usr/local/ssl/bin/openssl version
    OpenSSL 1.0.1t  3 May 2016
    [root@mysql-1 ~]#

    但是默认的openssl还是存在的:

    [root@mysql-1 openssl-1.0.1t]# ls -ltr /usr/bin | grep --color openssl
    -rwxr-xr-x  1 root root     548184 May  9 22:56 openssl
    [root@mysql-1 openssl-1.0.1t]# 
    [root@mysql-1 openssl-1.0.1t]# ls -ltr /usr/lib64/ | grep --color openssl
    drwxr-xr-x.  3 root root     4096 Aug 22 22:49 openssl
    [root@mysql-1 openssl-1.0.1t]# 
    [root@mysql-1 openssl-1.0.1t]# openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013
    [root@mysql-1 openssl-1.0.1t]#

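    将新的OPENSSL加入环境变量PATH,使命令行中的 openssl 优先指向新版本。注意:这只改变当前用户 shell 查找到的 openssl 命令,并不会替换系统自带的 OpenSSL;动态链接系统 libssl/libcrypto 的程序(例如 sshd、Web 服务器、数据库)仍然使用 rpm 包提供的旧库。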

    环境变量:PATH,修改前:

    [root@mysql-1 ~]# env | grep --color PATH 
    PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
    [root@mysql-1 ~]# 
    [root@mysql-1 ~]# env | grep --color PATH | grep --color openssl
    [root@mysql-1 ~]#

    修改:

    [root@mysql-1 ~]# vi ~/.bash_profile 
    [root@mysql-1 ~]# cat ~/.bash_profile 
    # .bash_profile
    
    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
    	. ~/.bashrc
    fi
    
    # User specific environment and startup programs
    
    PATH=$PATH:$HOME/bin
    
    export PATH
    
    # OpenSSL
    export PATH=/usr/local/ssl/bin:$PATH
    [root@mysql-1 ~]#
    [root@mysql-1 ~]# source ~/.bash_profile 
    [root@mysql-1 ~]#
    [root@mysql-1 ~]# env | grep --color PATH
    PATH=/usr/local/ssl/bin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin:/usr/local/ssl/bin:/root/bin:/usr/local/ssl/bin:/root/bin
    [root@mysql-1 ~]#

    再次执行openssl,查看版本信息:

    [root@mysql-1 ~]# openssl version
    OpenSSL 1.0.1t  3 May 2016
    [root@mysql-1 ~]#

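    可以看到,当前 shell 中的 openssl 命令已经指向新版本。但这不等于系统的 OpenSSL 已经升级:系统服务链接的共享库并未改变,可用 ldd 查看某个程序实际加载的 libssl/libcrypto。要修复系统库中的漏洞,应通过 yum update openssl 升级发行版软件包,并重启使用该库的服务。另外,RHEL/CentOS 的 openssl 包会回移植安全补丁,版本号仍显示 1.0.1e 并不代表没有打补丁,应以 rpm 包的发布号和更新日志(rpm -q --changelog openssl)为准。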

    ————————————————
    Done。


