Oracle Linux/openssl
From r00tedvw.com wiki
(Difference between revisions)
| Line 22: | Line 22: | ||
=Download and untar source= | =Download and untar source= | ||
| + | <nowiki>~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs | ||
| + | ~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/</nowiki> | ||
| + | |||
| + | =Configure OpenSSL= | ||
| + | <nowiki>~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/ | ||
| + | ~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib | ||
| + | ~$ make | ||
| + | ~$ make test | ||
| + | ~$ sudo make install | ||
| + | |||
| + | ==Possible Issues== | ||
| + | If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. | ||
| + | <nowiki>~$ make test V=1</nowiki> | ||
| + | |||
| + | ===04-test_err.t=== | ||
| + | It is possible that you make encounter an issue with the test: <code>04-test_err.t</code> when going through <code>make test</code>. If you run a verbose output and get the following, it could be related to a [https://github.com/openssl/openssl/issues/6953 known issue in openssl].<br/> | ||
| + | Below is how to run an individual test. | ||
| + | <nowiki>~$ make V=1 TESTS=test_err test | ||
| + | ... | ||
| + | ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31 | ||
| + | # [34] compared to [22] | ||
| + | not ok 1 - preserves_system_erro</nowiki> | ||
| + | You have (2) options in this scenario: | ||
| + | *Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored. | ||
| + | *Edit <code>./errtest.c</code> so that it calls ERR_get_error() twice: | ||
| + | <nowiki>~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c | ||
| + | ... | ||
| + | #else | ||
| + | ERR_get_error(); <<<ADD | ||
| + | errno = EINVAL; | ||
| + | ERR_get_error(); | ||
| + | return TEST_int_eq(errno, EINVAL); | ||
| + | ...</nowiki> | ||
Revision as of 12:31, 8 October 2018
Contents |
Installing Openssl from source
More recently CVEs have been discovered in the latest versions of openssl available from the repos, which presents a problem for administrators since they cannot easily upgrade to a patched version. For such cases, sometimes manually compiling openssl from source is the only temporary solution until the repositories are updated or backported.
Check version
OpenSSL
~$ openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
Kernel
~$ uname -r 2.6.32-754.el6.x86_64
Distribution
~$ lsb_release -a LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.10 (Final) Release: 6.10 Codename: Final
Install dependencies
~$ sudo yum install libtool perl-core zlib-devel -y
Download and untar source
~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs ~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/
Configure OpenSSL
~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/ ~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib ~$ make ~$ make test ~$ sudo make install ==Possible Issues== If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. <nowiki>~$ make test V=1
04-test_err.t
It is possible that you make encounter an issue with the test: 04-test_err.t when going through make test. If you run a verbose output and get the following, it could be related to a known issue in openssl.
Below is how to run an individual test.
~$ make V=1 TESTS=test_err test
...
ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31
# [34] compared to [22]
not ok 1 - preserves_system_erro
You have (2) options in this scenario:
- Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
- Edit
./errtest.cso that it calls ERR_get_error() twice:
~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c
...
#else
ERR_get_error(); <<<ADD
errno = EINVAL;
ERR_get_error();
return TEST_int_eq(errno, EINVAL);
...
