编译安装OpenSSL|学习笔记

编译安装OpenSSL

Ubuntu 18.04.1 LTS 自带的 OpenSSL版本是 openssl 1.1.0g，因为 Nginx 支持 TLS 1.3 至少需要 OpenSSL 1.1.1 或者更高，所以需要源码编译下。

卸载系统自带OpenSSL

# 删除软件及其配置文件
# apt-get --purge remove <package>
apt-get --purge remove openssl

安装依赖

apt-get update
apt-get install build-essential checkinstall zlib1g-dev -y

~~####下载源码~~

~~cd /usr/local/src/~~

~~wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz~~

~~tar -zxvf openssl-1.1.1b.tar.gz~~

下载源码

wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1c.tar.gz
tar -zxvf openssl-1.1.1c.tar.gz

~~####编译安装~~

~~cd openssl-1.1.1b~~

~~./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib~~

~~make && make install~~

编译安装

cd openssl-1.1.1c
./config --prefix=/usr/local/openssl #编译生成文件位置
make && make install

命令软链【或添加环境变量均可】

# mv /usr/bin/openssl /usr/bin/openssl.bak 在卸载时已经删除
ln -sv /usr/local/openssl/bin/openssl /usr/bin/openssl
# mv /usr/include/openssl /usr/include/openssl.bak 在卸载时已经删除
ln -sv /usr/local/openssl/include/openssl /usr/include/openssl

~~####配置链接库~~

~~cd /etc/ld.so.conf.d/~~

~~vim openssl-1.1.1c.conf~~

~~# Paste the openssl library path directory.~~

~~/usr/local/ssl/lib~~

~~# Save and exit.~~

~~ldconfig -v~~

配置链接库

cd /etc/ld.so.conf.d/
vim openssl-1.1.1c.conf
# Paste the openssl library path directory.
/usr/local/openssl/lib
# Save and exit.
ldconfig -v

~~And you will see the OpenSSL libraries on the '/usr/local/ssl/lib' directory has been loaded.~~

~~####配置 OpenSSL 库~~

~~vim /etc/environment~~

~~# Now add the new OpenSSL binary directory as below~~

~~PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"~~

~~# Save and exit.~~

~~# Reload the environment file and test new updated binary PATH.~~

~~source /etc/environment~~

~~echo $PATH~~

~~Now check again the OpenSSL binary file.~~

~~which openssl~~

~~####报错~~

~~当你完成上述步骤，然后执行openssl version，然后就报错了......~~

~~Github上有专门的issue`OPENSSL_1_1_1' not found (required by openssl) #5845~~

~~主要是LD_LIBRARY_PATH这个环境变量没有指定，所以导致openssl正在使用旧的系统OpenSSL库~~

~~openssl:/usr/lib/libssl.so.1.1: versionOPENSSL_1_1_1' not found (required by openssl)`~~

~~openssl:/usr/lib/libcrypto.so.1.1: versionOPENSSL_1_1_1' not found (required by openssl)`~~

~~这个时候你需要找到你新安装的openssl的位置~~

~~which openssl~~

~~/usr/local/ssl/bin/openssl~~

~~看看它的上级目录有没有lib~~

~~我这里按照我的实际情况，执行~~

~~echo "export LD_LIBRARY_PATH=/usr/local/ssl/lib" >> ~/.bashrc~~

~~export LD_LIBRARY_PATH=/usr/local/ssl/lib~~

然后再次查看 openssl version

OpenSSL 1.1.1c 28 May 2019

参考资料：

How to Install the latest OpenSSL version from Source on Linux

安装openssl报错openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found

编译安装openssl