June 2, 2023

Openssl 업데이트 방법

Openssl 업데이트 방법

Openssl 업데이트 방법

Openssl 버젼확인

#openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

개발툴 설치(gcc필요)

yum groupinstall "Development tools"

또는 

yum install -y gcc

Openssl 소스 다운로드

#cd /usr/local/src
#wget https://www.openssl.org/source/openssl-1.0.2p.tar.gz
--2018-09-19 11:37:46--  https://www.openssl.org/source/openssl-1.0.2p.tar.gz
Resolving www.openssl.org (www.openssl.org)... 202.43.57.191, 2600:1417:e:285::c1e, 2600:1417:e:283::c1e
Connecting to www.openssl.org (www.openssl.org)|202.43.57.191|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5338192 (5.1M) [application/x-gzip]
Saving to: ‘openssl-1.0.2p.tar.gz’

100%[======================================>] 5,338,192   8.50MB/s   in 0.6s   

2018-09-19 11:37:47 (8.50 MB/s) - ‘openssl-1.0.2p.tar.gz’ saved [5338192/5338192]

Openssl 소스 압축해제

#tar -xvzf openssl-1.0.2p.tar.gz
openssl-1.0.2p/ACKNOWLEDGMENTS
openssl-1.0.2p/apps/
openssl-1.0.2p/apps/app_rand.c
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
openssl-1.0.2p/VMS/ucx_shr_decc_log.opt
openssl-1.0.2p/VMS/ucx_shr_decc.opt
openssl-1.0.2p/VMS/ucx_shr_vaxc.opt
openssl-1.0.2p/VMS/VMSify-conf.pl
openssl-1.0.2p/VMS/WISHLIST.TXT

Openssl Configure Linux 64bit

#cd openssl-1.0.2p
#./Configure linux-x86_64 shared no-md2 no-mdc2 no-rc5 no-rc4 --prefix=/use/local
    make depend

또는 ./config --prefix=/usr/local -fPIC shared

--prefix 옵션을 주지 않으면 기본적으로 /usr/local/ 밑에 나눠서 들어간다. header (.h)는 /usr/local/include/openssl, openssl 실행 파일은 /usr/local/bin, library 는 /usr/local/lib/openssl 폴더에 설치된다.

기본적으로 정적 라이브러리(static library)로 컴파일됨. 동적 라이브러리(shared library) 로 컴파일할 경우 ./config 시 shared 옵션 추가.
디폴트값 no-shared

Openssl 컴파일

#make depend
#make test
#make install

openssl 의 prefix를 --prefix=/use/local 로 설치했다면 nginx configure시에 --with-openssl=/use/local 로 설정

참고사이트
https://blog.bypass.sh/448
http://lesstif.tistory.com/entry/OpenSSL-빌드하기
https://www.lesstif.com/pages/viewpage.action?pageId=6291508

https://www.openssl.org/
https://github.com/openssl

https://cbs.centos.org/koji/builds
https://cbs.centos.org/koji/buildinfo?buildID=20473
https://cbs.centos.org/koji/rpminfo?rpmID=115813