需要部署nginx的https环境,之前是yum安装的openssl,版本比较低,如下:
1
2
3
4
5
6
7
8
9
10
|
[root@nginx ~] # yum install -y pcre pcre-devel openssl openssl-devel gcc
[root@nginx ~] # openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Wed Mar 22 21:43:28 UTC 2017 platform: linux-x86_64 options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic |
默认yum安装的openssl版本是1.0.1,现在需要将版本升级到1.1.0。升级的操作记录如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
[root@nginx ~] # wget https://www.openssl.org/source/openssl-1.1.0g.tar.gz
[root@nginx ~] # tar -zvxf openssl-1.1.0g.tar.gz
[root@nginx ~] # cd openssl-1.1.0g
[root@nginx openssl-1.1.0g] # ./config shared zlib
[root@nginx openssl-1.1.0g] # make
[root@nginx openssl-1.1.0g] # make install
[root@nginx openssl-1.1.0g] # mv /usr/bin/openssl /usr/bin/openssl.bak
[root@nginx openssl-1.1.0g] # mv /usr/include/openssl /usr/include/openssl.bak
[root@nginx openssl-1.1.0g] # find / -name openssl
/etc/pki/ca-trust/extracted/openssl /data/software/nginx-1 .12.2 /auto/lib/openssl
/data/software/openssl-1 .1.0g /apps/openssl
/data/software/openssl-1 .1.0g /include/openssl
/usr/lib64/openssl /usr/local/share/doc/openssl /usr/local/include/openssl /usr/local/bin/openssl /usr/include/openssl /usr/bin/openssl [root@nginx openssl-1.1.0g] # ln -s /usr/local/bin/openssl /usr/bin/openssl
[root@nginx openssl-1.1.0g] # ln -s /usr/local/include/openssl /usr/include/openssl
[root@external-lb01 ~] # find / -name "libssl*"
/data/software/openssl-1 .1.0g /libssl .pc
/data/software/openssl-1 .1.0g /libssl .so
/data/software/openssl-1 .1.0g /libssl .a
/data/software/openssl-1 .1.0g /libssl .so.1.1
/data/software/openssl-1 .1.0g /util/libssl .num
/usr/lib64/libssl3 .so
/usr/lib64/pkgconfig/libssl .pc
/usr/lib64/libssl .so.1.0.1e
/usr/lib64/libssl .so
/usr/lib64/libssl .so.10
/usr/local/lib64/libssl .a
/usr/local/lib64/pkgconfig/libssl .pc
/usr/local/lib64/libssl .so
/usr/local/lib64/libssl .so.1.1
[root@nginx openssl-1.1.0g] # echo "/usr/local/lib64/" >> /etc/ld.so.conf
[root@nginx openssl-1.1.0g] # ldconfig
[root@nginx openssl-1.1.0g] # openssl version -a
OpenSSL 1.1.0g 2 Nov 2017 built on: reproducible build, date unspecified
platform: linux-x86_64 compiler: gcc -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR= "\"/usr/local/ssl\"" -DENGINESDIR= "\"/usr/local/lib64/engines-1.1\"" -Wa,--noexecstack
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib64/engines-1.1"
|