Oracle Linux/openssl

From r00tedvw.com wiki
Revision as of 12:31, 8 October 2018 by R00t (Talk | contribs)

Installing Openssl from source

More recently, CVEs have been discovered in the latest versions of openssl available from the repos, which is a problem for administrators who cannot easily upgrade to a patched version. In such cases, manually compiling openssl from source is sometimes the only temporary solution until the repositories are updated or a fix is backported.

Check version

OpenSSL

~$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Kernel

~$ uname -r
2.6.32-754.el6.x86_64

Distribution

~$ lsb_release -a
LSB Version:	:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID:	CentOS
Description:	CentOS release 6.10 (Final)
Release:	6.10
Codename:	Final

Install dependencies

~$ sudo yum install libtool perl-core zlib-devel -y

Download and untar source

~$ curl -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_1.tar.gz -o /tmp/openssl/OpenSSL_1_1_1.tar.gz --create-dirs
~$ tar -zxvf /tmp/openssl/OpenSSL_1_1_1.tar.gz -C /tmp/openssl/

Configure OpenSSL

~$ cd /tmp/openssl/openssl-OpenSSL_1_1_1/
~$ ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
~$ make
~$ make test
~$ sudo make install
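
After make install, the repository build and the new build sit side by side, so it is worth confirming what each binary reports. The script below is an added example, not part of the original wiki page: it parses openssl version output and compares it against a minimum release. The function names are hypothetical, the 1.1.1 sample line is constructed, and /usr/local/openssl/bin/openssl is assumed from the --prefix used above.

```shell
#!/bin/sh
# Added example, not from the wiki page; function names are hypothetical.

# "OpenSSL 1.0.1e-fips 11 Feb 2013" -> "1.0.1e" (empty if not recognised).
parse_openssl_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p' |
        head -n 1
}

# "1.0.1e" -> "001000001e": zero-padded numbers plus patch letters, so a
# byte-wise sort orders releases correctly (no letter sorts before "a").
version_key() {
    printf '%s\n' "$1" | awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$/ {
        fix = $3; sub(/[a-z]+$/, "", fix)
        letters = $3; sub(/^[0-9]+/, "", letters)
        printf "%03d%03d%03d%s\n", $1, $2, fix, letters }'
}

# Exit 0 if version $1 is the same as or newer than $2, 1 if it is older,
# 2 if either argument is not a version string.
version_at_least() {
    have=$(version_key "$1"); want=$(version_key "$2")
    [ -n "$have" ] && [ -n "$want" ] || return 2
    lowest=$(printf '%s\n%s\n' "$have" "$want" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$want" ]
}

# Run one openssl binary and report whether it meets the minimum version.
# Returns 0 = ok, 1 = too old, 2 = did not run or output not recognised.
check_openssl() {
    bin=$1; minimum=$2
    output=$("$bin" version 2>/dev/null) || { echo "$bin: failed to run"; return 2; }
    found=$(parse_openssl_version "$output")
    result=0; version_at_least "$found" "$minimum" || result=$?
    case $result in
        0) echo "$bin: $found meets minimum $minimum" ;;
        1) echo "$bin: $found is older than $minimum" ;;
        *) echo "$bin: unrecognised version output" ;;
    esac
    return $result
}

# Demo on sample output (first line is from this page, second is constructed).
# On a host: check_openssl /usr/local/openssl/bin/openssl 1.1.1
for sample in "OpenSSL 1.0.1e-fips 11 Feb 2013" "OpenSSL 1.1.1  11 Sep 2018"; do
    v=$(parse_openssl_version "$sample")
    if version_at_least "$v" 1.1.1; then echo "$v: ok"; else echo "$v: too old"; fi
done
```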

Possible Issues

If you encounter an issue, it would be good to run make test in verbose mode.

~$ make test V=1

04-test_err.t

It is possible that you may encounter an issue with the test 04-test_err.t when going through make test. If you run it with verbose output and get the following, it could be related to a known issue in openssl.
Below is how to run an individual test.

~$ make V=1 TESTS=test_err test
...
ERROR: (int) 'errno == EINVAL' failed @ test/errtest.c:31
    # [34] compared to [22]
    not ok 1 - preserves_system_erro

You have (2) options in this scenario:

  • Ignore the error and make openssl anyway. Per the comments in the issue, it can be safely ignored.
  • Edit ./errtest.c so that it calls ERR_get_error() twice:
~$ sudo vim /tmp/openssl/openssl-OpenSSL_1_1_1/test/errtest.c
...
#else
    ERR_get_error();       /* <<< ADD this line */
    errno = EINVAL;
    ERR_get_error();
    return TEST_int_eq(errno, EINVAL);
...