Upgrading to openssl-1.1.1-pre8

System: CentOS Linux release 7.3.1611 (Core)

Old OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013

  1. Download the latest release:
    • https://www.openssl.org/source/
  2. Install
# tar -zxvf openssl-1.1.1-pre8.tar.gz
# cd openssl-1.1.1-pre8

#Specify the install directory and the configuration file directory
# ./config shared zlib --prefix=/usr/local/openssl-1.1.1-pre8 --openssldir=/usr/local/openssl-1.1.1-pre8/ssl

#Show the build configuration
# perl configdata.pm --dump

# make
# make test 
# make install 
  3. Back up the old binary and add a new symbolic link
# mv /usr/bin/openssl /usr/bin/openssl.20180814
# ln -s /usr/local/openssl-1.1.1-pre8/bin/openssl /usr/bin/openssl
  4. Check the new version
# openssl version -a

Troubleshooting

# cd /usr/local/openssl-1.1.1-pre8/bin
Check the version:
# ./openssl version

Error:

./openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

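Cause:

  • The corresponding library files were not found

Fix:

  1. List the shared libraries the new openssl binary is linked against
# ldd openssl
Two libraries show as not found: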
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
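  2. Register the new library path
# cd /etc/ld.so.conf.d/
# vi openssl-1.1.1-pre8.conf
/usr/local/openssl-1.1.1-pre8/lib

#Reload the dynamic linker cache so the new path takes effect
# ldconfig

Run ldd openssl again; it now shows OK.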

Recompiling nginx after the OpenSSL upgrade to fix CVE-2016-2183

  1. Check the current nginx build information
# nginx -V

nginx version: nginx/1.13.12
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013

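The OpenSSL version currently in use is 1.0.1e-fips 11 Feb 2013.
  2. Recompile
Add --with-openssl=/usr/local/openssl-1.1.1-pre8 to the existing configure arguments to point at the new OpenSSL directory.
  3. Modify the build configuration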
# cd /usr/local/src/nginx-1.13.12/auto/lib/openssl
# vi conf
            #CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
            #CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
            #CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
            #CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
            #CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
            #CORE_LIBS="$CORE_LIBS $NGX_LIBPTHREAD"


            CORE_INCS="$CORE_INCS $OPENSSL/include"
            CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
            CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
            CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
            CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
            CORE_LIBS="$CORE_LIBS $NGX_LIBPTHREAD"
  4. Compile
# make
  5. Version after the update
# nginx -V
nginx version: nginx/1.13.12
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) 
built with OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
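
A check to run after the rebuild, added here as an example and not part of the original post: CVE-2016-2183 concerns the DES and Triple DES ciphers, so the script below lists any DES/3DES suites found in `openssl ciphers -v` output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag DES/3DES cipher suites,
# the ciphers named in CVE-2016-2183, in `openssl ciphers -v` output.
# Function names and the sample lines below are constructed for illustration.

# Read `openssl ciphers -v` lines on stdin; print the name of each suite
# whose Enc= column is DES or 3DES.
des_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Enc=3?DES[(]/) { print $1; break }
    }'
}

# Exit status 0 when stdin lists no DES/3DES suite, 1 otherwise.
check_no_des() {
    hits=$(des_suites)
    [ -z "$hits" ] && return 0
    printf 'DES/3DES suites still offered:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample: a cipher list that still contains 3DES suites.
sample_old() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF
}

# Constructed sample: a cipher list without DES/3DES suites.
sample_new() {
    cat <<'EOF'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF
}

# Demo on the constructed samples. On a real host, pipe in the new binary:
#   /usr/local/openssl-1.1.1-pre8/bin/openssl ciphers -v | check_no_des
sample_old | des_suites
sample_new | check_no_des && echo "no DES/3DES suites"
```

To check the set nginx will actually offer, pass the same cipher string used in its `ssl_ciphers` directive as the argument to `openssl ciphers -v`.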
