linux centos 升级 openssl

任侠
网站建设
2016-04-23
4929热度
0评论

centos 升级 openssl

安装相关依赖

apt-get install zlib1g zlib1g-dev

下载 cloudflare/sslconfig

git clone --depth 1 https://github.com/cloudflare/sslconfig

下载 openssl 并解压

wget https://www.openssl.org/source/openssl-1.1.1s.tar.gz
tar -zxvf openssl-1.1.1s.tar.gz
mv openssl-1.1.1s openssl
cd openssl

patch -p1 < ../sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch

执行编译

# 编译为静态库
./config shared zlib
# 编译为动态库
# ./config shared zlib-dynamic
make depend
make
make install

备份旧的 openssl

mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

建立软链接

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl

配置文件搜索路径

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v | grep openssl

查看最新版本

openssl version -a

脚本汇总：

cd /usr/source

# 安装相关依赖
apt-get install zlib1g zlib1g-dev

# 下载 cloudflare/sslconfig
git clone --depth 1 https://github.com/cloudflare/sslconfig

# 下载 openssl 并解压
wget https://www.openssl.org/source/openssl-1.1.1s.tar.gz
tar -zxvf openssl-1.1.1s.tar.gz
mv openssl-OpenSSL_1_1_1s/ openssl
cd openssl

patch -p1 < ../sslconfig/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch

# 编译为静态库
./config shared zlib
# 编译为动态库
# ./config shared zlib-dynamic
make depend
make
make install

# 备份旧的 openssl
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

# 建立软链接
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl

# 配置文件搜索路径
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v | grep openssl

# 查看最新版本
openssl version -a