2022-01-21 20:55:21 +08:00
|
|
|
|
---
|
|
|
|
|
|
id: "20190503"
|
|
|
|
|
|
date: "2019/05/03 10:38:05"
|
|
|
|
|
|
title: "linux下编译安装openssl"
|
|
|
|
|
|
tags: ["linux", "ubuntu", "openssl"]
|
|
|
|
|
|
categories:
|
|
|
|
|
|
- "linux"
|
|
|
|
|
|
- "软件安装"
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
|
|
linux 上安装软件通常有两种办法:
|
|
|
|
|
|
|
|
|
|
|
|
- 从软件包仓库安装
|
|
|
|
|
|
- 源码编译安装
|
|
|
|
|
|
|
|
|
|
|
|
第一种方式很简单,一条命令就搞定。
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
# debian系列
|
|
|
|
|
|
apt install openssl
|
|
|
|
|
|
# centos系列
|
|
|
|
|
|
yum install openssl
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
但是上面的方法无法配置参数,有些功能必须要手动编译才能开启。比如`enable-tlsext`,开启这个参数让 openssl 支持 SSL SNI(一个 IP 绑定多个证书)。步骤如下:
|
|
|
|
|
|
|
|
|
|
|
|
<!-- more -->
|
|
|
|
|
|
|
|
|
|
|
|
1. 下载源码包
|
|
|
|
|
|
|
|
|
|
|
|
有些版本的 openssl 不支持`enable-tlsext`参数,目前 1.0.2r 版本是支持的。
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
wget https://www.openssl.org/source/openssl-1.0.2r.tar.gz
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
2. 卸载自带 openssl
|
|
|
|
|
|
|
|
|
|
|
|
注意可能会连带卸载很多依赖于 openssl 的软件。
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
sudo apt remove openssl
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
3. 解压
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
tar -zxf openssl-1.0.2r.tar.gz
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
4. 配置
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
cd openssl-1.0.2r
|
|
|
|
|
|
sudo ./config shared enable-tlsext --prefix=/usr/local/openssl --openssldir=/usr/lib/openssl
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
5. 编译安装
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
make
|
|
|
|
|
|
sudo make install
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
6. 配置环境变量
|
|
|
|
|
|
|
|
|
|
|
|
编辑`/etc/environment`,注意要以`:`分割
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
输入`source /etc/environment`让环境变量生效,即安装完成。
|
