Oracle Linux/openssl
Latest revision as of 08:54, 9 October 2018
Installing OpenSSL from source
More recently, CVEs have been discovered in the latest versions of OpenSSL available from the repos, which presents a problem for administrators since they cannot easily upgrade to a patched version. In such cases, manually compiling OpenSSL from source is sometimes the only temporary solution until the repositories are updated or the fixes are backported.
Reference: https://blacksaildivision.com/how-to-install-openssl-on-centos
Check version
OpenSSL
~$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
Kernel
~$ uname -r
2.6.32-754.el6.x86_64
Distribution
~$ lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.10 (Final)
Release: 6.10
Codename: Final
Install dependencies
~$ sudo yum install libtool perl-core zlib-devel -y
Download and untar source
~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs
~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/
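Because the tarball is compiled and then installed with sudo, it is worth checking before it is extracted. The following is an added example, not part of the original page: the function names are hypothetical and EXPECTED_SHA256 is a placeholder for a digest you obtain from a source you trust.

```shell
#!/bin/sh
# Added example: check a source tarball before building it as on this page.
# EXPECTED_SHA256 is a placeholder; fill in a digest obtained out of band.
EXPECTED_SHA256="REPLACE_WITH_TRUSTED_SHA256"

# Succeeds only if the file's SHA-256 equals the expected hex digest.
sha256_matches() {
    file=$1; expected=$2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Succeeds only if the archive lists cleanly and no member path is
# absolute or climbs out of the target directory with "..".
tar_members_safe() {
    members=$(tar -tzf "$1") || return 1
    ! printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Verify first, extract second. Returns 1 on digest mismatch,
# 2 on an unsafe or unreadable archive, otherwise tar's own status.
verify_and_extract() {
    archive=$1; expected=$2; dest=$3
    sha256_matches "$archive" "$expected" || {
        echo "digest mismatch: $archive" >&2; return 1; }
    tar_members_safe "$archive" || {
        echo "unsafe member path in: $archive" >&2; return 2; }
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage with the paths from this page:
#   verify_and_extract /tmp/openssl/OpenSSL_1_1_1.tar.gz "$EXPECTED_SHA256" /tmp/openssl/
```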
Configure OpenSSL
~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/
~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
~$ make
~$ make test
~$ sudo make install
Possible Issues
If you encounter an issue, it would be good to run make test in verbose mode.
~$ make test V=1
Parse errors: No plan found in TAP output
If you encounter this error, run make test in verbose mode as described earlier. If you see the following, then you will need to update Perl:
Test::More version 0.96 required--this is only version 0.92 at /tmp/openssl/openssl-OpenSSL_1_1_1/test/../util/perl/OpenSSL/Test.pm line 13.
The easiest way I found to do this was to follow these directions:
First of all, check that make and the CPAN Perl package manager are installed:
~$ yum install make cpan
Then configure your perl with CPAN. Just enter cpan in the command prompt and answer yes to all interactive questions.
Then update your cpan manager:
~$ sudo cpan
#cpan> install Bundle::CPAN
#cpan> reload cpan
And now install packages of your interest:
#cpan> install Test::More
04-test_err.t
It is possible that you may encounter an issue with the test 04-test_err.t when going through make test. If you run it with verbose output and get the following, it could be related to a known issue in openssl.
Below is how to run an individual test.
~$ make V=1 TESTS=test_err test
...
ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31
# [34] compared to [22]
not ok 1 - preserves_system_erro
You have two options in this scenario:
- Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
- Edit ./errtest.c so that it calls ERR_get_error() twice:
~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c
...
#else
    ERR_get_error();    /* <<< ADD this line */
    errno = EINVAL;
    ERR_get_error();
    return TEST_int_eq(errno, EINVAL);
...
Check Version again
~$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
Unfortunately it still shows the old version. For me, I simply deleted the old openssl file (after making a backup) and then created a symlink to the new version.
~$ which openssl
/usr/bin/openssl
~$ sudo cp /usr/bin/openssl /usr/bin/openssl.original
~$ sudo rm /usr/bin/openssl
~$ sudo ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
If you try to use openssl and get an error like this, you may need to create an openssl configuration file that tells openssl where to find the needed libraries.
~$ openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
In my case, my libraries were located at /usr/local/openssl/lib/, so I specified that in the new config file:
~$ sudo find / -name libssl.so.1.1
/tmp/openssl/openssl-OpenSSL_1_1_1/libssl.so.1.1
~$ sudo sh -c "echo '/usr/local/openssl/lib/' >> /etc/ld.so.conf.d/openssl.conf"
Finally, we need to rebuild the ldconfig cache:
~$ sudo ldconfig
Try again:
~$ openssl version
OpenSSL 1.1.1 11 Sep 2018
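The version string only describes the command-line binary. Programs linked against the distribution's libssl keep loading that library, so it helps to check which libssl and libcrypto each binary actually resolves. This added example (not from the original page) classifies `ldd` output; the function names and sample lines are constructed, and EXPECTED_PREFIX assumes the --prefix used above.

```shell
#!/bin/sh
# Added example: classify how libssl/libcrypto resolve in `ldd` output.
# EXPECTED_PREFIX assumes the --prefix used on this page.
EXPECTED_PREFIX=/usr/local/openssl

# Constructed sample `ldd` outputs (not captured from a real host).
SAMPLE_BEFORE_LDCONFIG='  libssl.so.1.1 => not found
  libcrypto.so.1.1 => not found
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000000000)'
SAMPLE_AFTER_LDCONFIG='  libssl.so.1.1 => /usr/local/openssl/lib/libssl.so.1.1 (0x00007f0000200000)
  libcrypto.so.1.1 => /usr/local/openssl/lib/libcrypto.so.1.1 (0x00007f0000100000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000000000)'
SAMPLE_DISTRO_LINKED='  libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0000200000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f0000000000)'

# Reads `ldd <binary>` output on stdin and prints one line per libssl or
# libcrypto dependency: "<soname> ok|missing|other <path or ->".
classify_ssl_libs() {
    awk -v prefix="$EXPECTED_PREFIX/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            if ($3 == "not")                 print $1, "missing", "-"
            else if (index($3, prefix) == 1) print $1, "ok", $3
            else                             print $1, "other", $3
        }'
}

# Returns 0 only if at least one libssl/libcrypto line exists and all
# of them resolve under EXPECTED_PREFIX.
ssl_libs_ok() {
    result=$(classify_ssl_libs)
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
    ! printf '%s\n' "$result" | grep -Eq ' (missing|other) '
}

# Usage on a live system:
#   ldd /usr/local/openssl/bin/openssl | ssl_libs_ok
```

A "missing" line corresponds to the shared-library error shown earlier; an "other" line means the binary still loads a libssl from outside the new prefix.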
Check functionality
Do a quick check for functionality. Something like this should be good:
~$ openssl s_client -showcerts -connect google.com:443 </dev/null 2>/dev/null
If you get the SSL cert contents, it works.