Oracle Linux/openssl
From r00tedvw.com wiki
(Difference between revisions)
Line 22: | Line 22: | ||
=Download and untar source= | =Download and untar source= | ||
+ | <nowiki>~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs | ||
+ | ~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/</nowiki> | ||
+ | |||
+ | =Configure OpenSSL= | ||
+ | <nowiki>~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/ | ||
+ | ~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib | ||
+ | ~$ make | ||
+ | ~$ make test | ||
+ | ~$ sudo make install | ||
+ | |||
+ | ==Possible Issues== | ||
+ | If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. | ||
+ | <nowiki>~$ make test V=1</nowiki> | ||
+ | |||
+ | ===04-test_err.t=== | ||
+ | It is possible that you make encounter an issue with the test: <code>04-test_err.t</code> when going through <code>make test</code>. If you run a verbose output and get the following, it could be related to a [https://github.com/openssl/openssl/issues/6953 known issue in openssl].<br/> | ||
+ | Below is how to run an individual test. | ||
+ | <nowiki>~$ make V=1 TESTS=test_err test | ||
+ | ... | ||
+ | ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31 | ||
+ | # [34] compared to [22] | ||
+ | not ok 1 - preserves_system_erro</nowiki> | ||
+ | You have (2) options in this scenario: | ||
+ | *Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored. | ||
+ | *Edit <code>./errtest.c</code> so that it calls ERR_get_error() twice: | ||
+ | <nowiki>~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c | ||
+ | ... | ||
+ | #else | ||
+ | ERR_get_error(); <<<ADD | ||
+ | errno = EINVAL; | ||
+ | ERR_get_error(); | ||
+ | return TEST_int_eq(errno, EINVAL); | ||
+ | ...</nowiki> |
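Review bot: the `<nowiki>` opened on the `~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/` line of the new "Configure OpenSSL" section is never closed after `~$ sudo make install`, so the `==Possible Issues==` heading and the `<code>make test</code>` sentence are swallowed into the preformatted block; add `</nowiki>` at the end of the `sudo make install` line. In the 04-test_err.t paragraph, "make encounter" should read "may encounter", and `./errtest.c` should be `test/errtest.c` to match the path in the vim command. The download section unpacks the tarball straight after `curl` with no checksum or signature check; a verification step before `tar` would be worth documenting.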
Revision as of 13:31, 8 October 2018
Installing Openssl from source
Recently, CVEs have been discovered in the latest versions of OpenSSL available from the repos. This presents a problem for administrators, since they cannot easily upgrade to a patched version. In such cases, manually compiling OpenSSL from source is sometimes the only temporary solution until the repositories are updated or the fixes are backported.
Check version
OpenSSL
~$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
Kernel
~$ uname -r
2.6.32-754.el6.x86_64
Distribution
~$ lsb_release -a
LSB Version:    :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description:    CentOS release 6.10 (Final)
Release:        6.10
Codename:       Final
Install dependencies
~$ sudo yum install libtool perl-core zlib-devel -y
Download and untar source
~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs
~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/
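An added example (not part of the original wiki page): a shell wrapper that checks the downloaded tarball against a known SHA-256 digest and rejects unsafe member paths before unpacking it. The function names are made up for this example, and the digest shown in the usage comment is a placeholder that must be replaced with a value obtained from a trusted source.

```shell
#!/bin/sh
# Added example: verify a source tarball before unpacking and building it.
# Function names are hypothetical; they are not OpenSSL or wiki tooling.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# tarball_is_safe FILE: succeed only if FILE is a readable .tar.gz and no
# member name is absolute or contains a ".." component. GNU tar already
# strips or skips such names unless -P is given; rejecting the whole
# archive makes the failure explicit.
tarball_is_safe() {
    local names
    names=$(tar -tzf "$1" 2>/dev/null) || return 1
    ! printf '%s\n' "$names" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_and_extract TARBALL EXPECTED_SHA256 DESTDIR
# Returns 0 on success, 1 on digest mismatch, 2 if the file is missing,
# 3 if the archive is unreadable or has unsafe member paths.
verify_and_extract() {
    local file=$1 expected=$2 dest=$3 actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file (got $actual)" >&2
        return 1
    fi
    tarball_is_safe "$file" || { echo "unsafe archive: $file" >&2; return 3; }
    mkdir -p "$dest" && tar -zxf "$file" -C "$dest"
}

# Usage with the paths from this page (digest is a placeholder):
#   verify_and_extract /tmp/openssl/OpenSSL_1_1_1.tar.gz \
#       "<EXPECTED_SHA256_FROM_TRUSTED_SOURCE>" /tmp/openssl/
```

Nothing is unpacked unless both checks pass, so a mismatch leaves the destination directory untouched.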
Configure OpenSSL
~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/
~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
~$ make
~$ make test
~$ sudo make install
Possible Issues
If you encounter an issue, it would be good to run make test in verbose mode.
~$ make test V=1
04-test_err.t
You may encounter an issue with the test 04-test_err.t when going through make test. If you run it with verbose output and get the following, it could be related to a known issue in openssl (https://github.com/openssl/openssl/issues/6953).
Below is how to run an individual test.
~$ make V=1 TESTS=test_err test
...
ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31
# [34] compared to [22]
not ok 1 - preserves_system_erro
You have two options in this scenario:
- Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
- Edit test/errtest.c so that it calls ERR_get_error() twice:
~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c
...
#else
    ERR_get_error();    /* <<< ADD this line */
    errno = EINVAL;
    ERR_get_error();
    return TEST_int_eq(errno, EINVAL);
...