Oracle Linux/openssl
Line 35: | Line 35: | ||
If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. | If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. | ||
<nowiki>~$ make test V=1</nowiki> | <nowiki>~$ make test V=1</nowiki> | ||
+ | |||
+ | ===Parse errors: No plan found in TAP output=== | ||
+ | If you encounter this error, run <code>make test</code> in verbose mode as earlier described. If you see the following, then you will need to update Perl | ||
+ | <nowiki>Test::More version 0.96 required--this is only version 0.92 at /tmp/openssl/openssl-OpenSSL_1_1_1/test/../util/perl/OpenSSL/Test.pm line 13.</nowiki> | ||
+ | The easiest way I found to do this was to follow these directions:<br/><br/> | ||
+ | First of all, check that make and CPAN perl packet manager are there in your system: | ||
+ | <nowiki>~$ yum install make cpan</nowiki> | ||
+ | Then configure your perl with CPAN. Just enter cpan in the command prompt and answer yes to all interactive questions.<br/> | ||
+ | Then update you cpan manager: | ||
+ | <nowiki>~$ sudo cpan | ||
+ | #cpan> install Bundle::CPAN | ||
+ | #cpan> reload cpan</nowiki> | ||
+ | And now install packages of your interest: | ||
+ | <nowiki>#cpan> install Test::More</nowiki> | ||
===04-test_err.t=== | ===04-test_err.t=== |
Revision as of 12:39, 8 October 2018
Contents |
Installing Openssl from source
More recently CVEs have been discovered in the latest versions of openssl available from the repos, which presents a problem for administrators since they cannot easily upgrade to a patched version. For such cases, sometimes manually compiling openssl from source is the only temporary solution until the repositories are updated or backported.
Check version
OpenSSL
~$ openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
Kernel
~$ uname -r 2.6.32-754.el6.x86_64
Distribution
~$ lsb_release -a LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.10 (Final) Release: 6.10 Codename: Final
Install dependencies
~$ sudo yum install libtool perl-core zlib-devel -y
Download and untar source
~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs ~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/
Configure OpenSSL
~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/ ~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib ~$ make ~$ make test ~$ sudo make install ==Possible Issues== If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. <nowiki>~$ make test V=1
Parse errors: No plan found in TAP output
If you encounter this error, run make test
in verbose mode as earlier described. If you see the following, then you will need to update Perl
Test::More version 0.96 required--this is only version 0.92 at /tmp/openssl/openssl-OpenSSL_1_1_1/test/../util/perl/OpenSSL/Test.pm line 13.
The easiest way I found to do this was to follow these directions:
First of all, check that make and CPAN perl packet manager are there in your system:
~$ yum install make cpan
Then configure your perl with CPAN. Just enter cpan in the command prompt and answer yes to all interactive questions.
Then update you cpan manager:
~$ sudo cpan #cpan> install Bundle::CPAN #cpan> reload cpan
And now install packages of your interest:
#cpan> install Test::More
04-test_err.t
It is possible that you make encounter an issue with the test: 04-test_err.t
when going through make test
. If you run a verbose output and get the following, it could be related to a known issue in openssl.
Below is how to run an individual test.
~$ make V=1 TESTS=test_err test ... ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31 # [34] compared to [22] not ok 1 - preserves_system_erro
You have (2) options in this scenario:
- Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
- Edit
./errtest.c
so that it calls ERR_get_error() twice:
~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c ... #else ERR_get_error(); <<<ADD errno = EINVAL; ERR_get_error(); return TEST_int_eq(errno, EINVAL); ...