Linux Ubuntu openssl离线源码安装、升级版本

Linux Ubuntu openssl离线源码安装、升级版本

文章目录

一、设备环境

1.操作系统

Ubuntu 16.04.1

root@Lemon:/home/lemon# uname -a
Linux Lemon 4.15.0-34-generic #37~16.04.1-Ubuntu SMP Tue Aug 28 10:44:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

2.现在的openssl版本

OpenSSL 1.0.2g 1 Mar 2016

root@Lemon:/home/lemon# openssl version
OpenSSL 1.0.2g  1 Mar 2016

二、openssl官网下载源码

官网:https://www.openssl.org
下载:https://www.openssl.org/source/

官网最新可用生产版本openssl-1.1.1k,openssl-3.0.0-alpha17版本是openssl的下一个主要版本,includes the new FIPS Object Module(新特性),预发布版本,不轻易直接用于生产环境。
Linux Ubuntu openssl离线源码安装、升级版本

这次下载openssl-1.1.1k.tar.gz的源码包。

三、安装openssl

1.解压源码包

将openssl源码包解压,并进入openssl-1.1.1k文件夹

root@Lemon:/home/lemon# tar -zxf openssl-1.1.1k.tar.gz 
root@Lemon:/home/lemon# cd openssl-1.1.1k
root@Lemon:/home/lemon/openssl-1.1.1k# ls
ACKNOWLEDGEMENTS  build.info  Configurations  demos    external  INSTALL  NOTES.ANDROID  NOTES.VMS  README.ENGINE  tools
apps              CHANGES     Configure       doc      FAQ       LICENSE  NOTES.DJGPP    NOTES.WIN  README.FIPS    util
appveyor.yml      config      CONTRIBUTING    engines  fuzz      ms       NOTES.PERL     os-dep     ssl            VMS
AUTHORS           config.com  crypto          e_os.h   include   NEWS     NOTES.UNIX     README     test

2.查看README

root@Lemon:/home/lemon/openssl-1.1.1k# vim README                      //查看帮助

Linux Ubuntu openssl离线源码安装、升级版本

下图是安装openssl的预制环境条件,由于是升级版本操作,以下环境已经安装过。
Linux Ubuntu openssl离线源码安装、升级版本

查看INSTALL

root@Lemon:/home/lemon/openssl-1.1.1k# vim INSTALL 

Linux Ubuntu openssl离线源码安装、升级版本

3.编译源码

接下来根据Quick Start直接编译

root@Lemon:/home/lemon/openssl-1.1.1k# ./config 
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
***   OpenSSL has been successfully configured                     ***
------
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
------
***       perl configdata.pm --dump                                ***
------
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
------
root@Lemon:/home/lemon/openssl-1.1.1k# make
root@Lemon:/home/lemon/openssl-1.1.1k# ......
root@Lemon:/home/lemon/openssl-1.1.1k# make test
root@Lemon:/home/lemon/openssl-1.1.1k# ......
root@Lemon:/home/lemon/openssl-1.1.1k# make install
root@Lemon:/home/lemon/openssl-1.1.1k# ......

至此,编译、安装过程中无任何报错,一路畅通,然后查看openssl版本。

root@Lemon:/home/lemon/openssl-1.1.1k# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

四、报错异常

查看版本信息竟然报错了,没有libssl.so.1.1依赖文件。

root@Lemon:/home/lemon# find / -name libssl.so.1.1
/home/dp/openssl-1.1.1k/libssl.so.1.1
/usr/local/lib/libssl.so.1.1

搜索了一下,发现libssl.so.1.1依赖文件是存在的,怀疑是路径不对。

root@Lemon:/home/lemon/openssl-1.1.1k# ln -s /usr/local/lib/libssl.so.1.1 /usr/lib/libssl.so.1.1
root@Lemon:/home/lemon/openssl-1.1.1k# openssl version
openssl: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

将libssl.so.1.1依赖文件建立软链接后,查看openssl信息依旧报错:libcrypto.so.1.1依赖文件不存在。同样的方法建立软链接,可以查看openssl版本已更新。

root@Lemon:/home/lemon/openssl-1.1.1k# ln -s /usr/local/lib/libcrypto.so.1.1 /usr/lib/libcrypto.so.1.1
root@Lemon:/home/lemon/openssl-1.1.1k# openssl version
OpenSSL 1.1.1k  25 Mar 2021

如此,便成功更新openssl版本。

五、openssl命令

root@Lemon:/home/lemon# openssl
OpenSSL> help
Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dhparam           
dsa               dsaparam          ec                ecparam           
enc               engine            errstr            gendsa            
genpkey           genrsa            help              list              
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              rehash            
req               rsa               rsautl            s_client          
s_server          s_time            sess_id           smime             
speed             spkac             srp               storeutl          
ts                verify            version           x509              

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        gost              md4               
md5               mdc2              rmd160            sha1              
sha224            sha256            sha3-224          sha3-256          
sha3-384          sha3-512          sha384            sha512            
sha512-224        sha512-256        shake128          shake256          
sm3               

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb      
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb      
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1     
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb      
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8     
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64            
bf                bf-cbc            bf-cfb            bf-ecb            
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast              
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb         
cast5-ofb         des               des-cbc           des-cfb           
des-ecb           des-ede           des-ede-cbc       des-ede-cfb       
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb      
des-ede3-ofb      des-ofb           des3              desx              
idea              idea-cbc          idea-cfb          idea-ecb          
idea-ofb          rc2               rc2-40-cbc        rc2-64-cbc        
rc2-cbc           rc2-cfb           rc2-ecb           rc2-ofb           
rc4               rc4-40            seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          sm4-cbc           
sm4-cfb           sm4-ctr           sm4-ecb           sm4-ofb           

OpenSSL> exit

六、openssl-3.0.0-alpha17预发布版本安装

另外尝试了openssl-3.0.0-alpha17的版本,除了编译命令不一致外也是需要将依赖库建立软链接,如下。

Building OpenSSL

Use the following commands to configure, build and test OpenSSL.
The testing is optional, but recommended if you intend to install
OpenSSL for production use.

Unix / Linux / macOS

$ ./Configure
$ make
$ make test
$ make install
$ openssl version

Linux Ubuntu openssl离线源码安装、升级版本

root@Lemon:/home/lemon/openssl-3.0.0-alpha17# ln -s /usr/local/lib/libssl.so.3 /usr/lib/libssl.so.3
root@Lemon:/home/lemon/openssl-3.0.0-alpha17# ln -s /usr/local/lib/libcrypto.so.3 /usr/lib/libcrypto.so.3
root@Lemon:/home/lemon/openssl-3.0.0-alpha17# openssl version
OpenSSL openssl-3.0.0-alpha17  20 May 2021 (Library: OpenSSl openssl-3.0.0-alpha17 20 May 2021)
上一篇:nginx_gzip


下一篇:linux图解