Linux Ubuntu openssl离线源码安装、升级版本
文章目录
一、设备环境
1.操作系统
Ubuntu 16.04.1
root@Lemon:/home/lemon# uname -a
Linux Lemon 4.15.0-34-generic #37~16.04.1-Ubuntu SMP Tue Aug 28 10:44:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
2.现在的openssl版本
OpenSSL 1.0.2g 1 Mar 2016
root@Lemon:/home/lemon# openssl version
OpenSSL 1.0.2g 1 Mar 2016
二、openssl官网下载源码
官网:https://www.openssl.org
下载:https://www.openssl.org/source/
官网最新可用生产版本openssl-1.1.1k,openssl-3.0.0-alpha17版本是openssl的下一个主要版本,includes the new FIPS Object Module(新特性),预发布版本,不轻易直接用于生产环境。
这次下载openssl-1.1.1k.tar.gz的源码包。
三、安装openssl
1.解压源码包
将openssl源码包解压,并进入openssl-1.1.1k文件夹
root@Lemon:/home/lemon# tar -zxf openssl-1.1.1k.tar.gz
root@Lemon:/home/lemon# cd openssl-1.1.1k
root@Lemon:/home/lemon/openssl-1.1.1k# ls
ACKNOWLEDGEMENTS build.info Configurations demos external INSTALL NOTES.ANDROID NOTES.VMS README.ENGINE tools
apps CHANGES Configure doc FAQ LICENSE NOTES.DJGPP NOTES.WIN README.FIPS util
appveyor.yml config CONTRIBUTING engines fuzz ms NOTES.PERL os-dep ssl VMS
AUTHORS config.com crypto e_os.h include NEWS NOTES.UNIX README test
2.查看README
root@Lemon:/home/lemon/openssl-1.1.1k# vim README //查看帮助
下图是安装openssl的预制环境条件,由于是升级版本操作,以下环境已经安装过。
查看INSTALL
root@Lemon:/home/lemon/openssl-1.1.1k# vim INSTALL
3.编译源码
接下来根据Quick Start直接编译
root@Lemon:/home/lemon/openssl-1.1.1k# ./config
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
*** OpenSSL has been successfully configured ***
------
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
------
*** perl configdata.pm --dump ***
------
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL file first) ***
------
root@Lemon:/home/lemon/openssl-1.1.1k# make
root@Lemon:/home/lemon/openssl-1.1.1k# ......
root@Lemon:/home/lemon/openssl-1.1.1k# make test
root@Lemon:/home/lemon/openssl-1.1.1k# ......
root@Lemon:/home/lemon/openssl-1.1.1k# make install
root@Lemon:/home/lemon/openssl-1.1.1k# ......
至此,编译、安装过程中无任何报错,一路畅通,然后查看openssl版本。
root@Lemon:/home/lemon/openssl-1.1.1k# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
四、报错异常
查看版本信息竟然报错了,没有libssl.so.1.1依赖文件。
root@Lemon:/home/lemon# find / -name libssl.so.1.1
/home/dp/openssl-1.1.1k/libssl.so.1.1
/usr/local/lib/libssl.so.1.1
搜索了一下,发现libssl.so.1.1依赖文件是存在的,怀疑是路径不对。
root@Lemon:/home/lemon/openssl-1.1.1k# ln -s /usr/local/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
root@Lemon:/home/lemon/openssl-1.1.1k# openssl version
openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory
将libssl.so.1.1依赖文件建立软链接后,查看openssl信息依旧报错:libcrypto.so.1.1依赖文件不存在。同样的方法建立软链接,可以查看openssl版本已更新。
root@Lemon:/home/lemon/openssl-1.1.1k# ln -s /usr/local/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1
root@Lemon:/home/lemon/openssl-1.1.1k# openssl version
OpenSSL 1.1.1k 25 Mar 2021
如此,便成功更新openssl版本。
五、openssl命令
root@Lemon:/home/lemon# openssl
OpenSSL> help
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dhparam
dsa dsaparam ec ecparam
enc engine errstr gendsa
genpkey genrsa help list
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand rehash
req rsa rsautl s_client
s_server s_time sess_id smime
speed spkac srp storeutl
ts verify version x509
Message Digest commands (see the `dgst' command for more details)
blake2b512 blake2s256 gost md4
md5 mdc2 rmd160 sha1
sha224 sha256 sha3-224 sha3-256
sha3-384 sha3-512 sha384 sha512
sha512-224 sha512-256 shake128 shake256
sm3
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
OpenSSL> exit
六、openssl-3.0.0-alpha17预发布版本安装
另外尝试了openssl-3.0.0-alpha17的版本,除了编译命令不一致外也是需要将依赖库建立软链接,如下。
Building OpenSSL
Use the following commands to configure, build and test OpenSSL.
The testing is optional, but recommended if you intend to install
OpenSSL for production use.
Unix / Linux / macOS
$ ./Configure
$ make
$ make test
$ make install
$ openssl version
root@Lemon:/home/lemon/openssl-3.0.0-alpha17# ln -s /usr/local/lib/libssl.so.3 /usr/lib/libssl.so.3
root@Lemon:/home/lemon/openssl-3.0.0-alpha17# ln -s /usr/local/lib/libcrypto.so.3 /usr/lib/libcrypto.so.3
root@Lemon:/home/lemon/openssl-3.0.0-alpha17# openssl version
OpenSSL openssl-3.0.0-alpha17 20 May 2021 (Library: OpenSSl openssl-3.0.0-alpha17 20 May 2021)