Oracle Linux/openssl
From r00tedvw.com wiki
Contents |
Installing Openssl from source
More recently CVEs have been discovered in the latest versions of openssl available from the repos, which presents a problem for administrators since they cannot easily upgrade to a patched version. For such cases, sometimes manually compiling openssl from source is the only temporary solution until the repositories are updated or backported.
Check version
OpenSSL
~$ openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
Kernel
~$ uname -r 2.6.32-754.el6.x86_64
Distribution
~$ lsb_release -a LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch Distributor ID: CentOS Description: CentOS release 6.10 (Final) Release: 6.10 Codename: Final
Install dependencies
~$ sudo yum install libtool perl-core zlib-devel -y
Download and untar source
~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs ~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/
Configure OpenSSL
~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/ ~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib ~$ make ~$ make test ~$ sudo make install ==Possible Issues== If you encounter an issue, it would be good to run <code>make test</code> in verbose mode. <nowiki>~$ make test V=1
04-test_err.t
It is possible that you make encounter an issue with the test: 04-test_err.t
when going through make test
. If you run a verbose output and get the following, it could be related to a known issue in openssl.
Below is how to run an individual test.
~$ make V=1 TESTS=test_err test ... ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31 # [34] compared to [22] not ok 1 - preserves_system_erro
You have (2) options in this scenario:
- Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
- Edit
./errtest.c
so that it calls ERR_get_error() twice:
~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c ... #else ERR_get_error(); <<<ADD errno = EINVAL; ERR_get_error(); return TEST_int_eq(errno, EINVAL); ...