Revision as of 12:39, 8 October 2018

Installing Openssl from source

More recently CVEs have been discovered in the latest versions of openssl available from the repos, which presents a problem for administrators since they cannot easily upgrade to a patched version. For such cases, sometimes manually compiling openssl from source is the only temporary solution until the repositories are updated or backported.

Check version

OpenSSL

~$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Kernel

~$ uname -r
2.6.32-754.el6.x86_64

Distribution

~$ lsb_release -a
LSB Version:	:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID:	CentOS
Description:	CentOS release 6.10 (Final)
Release:	6.10
Codename:	Final

Install dependencies

~$ sudo yum install libtool perl-core zlib-devel -y

Download and untar source

~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs
~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/

Configure OpenSSL

~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/
~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
~$ make
~$ make test
~$ sudo make install

==Possible Issues==
If you encounter an issue, it would be good to run <code>make test</code> in verbose mode.
 <nowiki>~$ make test V=1

Parse errors: No plan found in TAP output

If you encounter this error, run make test in verbose mode as earlier described. If you see the following, then you will need to update Perl

Test::More version 0.96 required--this is only version 0.92 at /tmp/openssl/openssl-OpenSSL_1_1_1/test/../util/perl/OpenSSL/Test.pm line 13.

The easiest way I found to do this was to follow these directions:

First of all, check that make and CPAN perl packet manager are there in your system:

~$ yum install make cpan

Then configure your perl with CPAN. Just enter cpan in the command prompt and answer yes to all interactive questions.
Then update you cpan manager:

~$ sudo cpan
#cpan> install Bundle::CPAN
#cpan> reload cpan

And now install packages of your interest:

#cpan> install Test::More

04-test_err.t

It is possible that you make encounter an issue with the test: 04-test_err.t when going through make test. If you run a verbose output and get the following, it could be related to a known issue in openssl.
Below is how to run an individual test.

~$ make V=1 TESTS=test_err test
...
ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31
    # [34] compared to [22]
    not ok 1 - preserves_system_erro

You have (2) options in this scenario:

• Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
• Edit ./errtest.c so that it calls ERR_get_error() twice:

~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c
...
#else
    ERR_get_error();       <<<ADD
    errno = EINVAL;
    ERR_get_error();
    return TEST_int_eq(errno, EINVAL);
...