problem background
Our project needs to be installed on the client computer for privatization. The server operating system client specifies that only the redhat7.2 version can be used, and the client computer cannot access the external network for confidentiality, and the curl that comes with the damn redhat system supports nss The https of the protocol, not the https of the openssl protocol, when executing curl to access the https site, there will be an error that the key cannot be loaded.
I checked the solution on the Internet, and there is an answer on Stack Overflow that it is the problem of the generated key, and the key needs to be converted into the RSA encryption method. I tried it, and the curl command will not report an error, but our server-side code implementation is not normal. The initialization related encryption and decryption containers.
There are also some answers that recommend reinstalling curl. Since I am not familiar with the redhat system, and I have always heard that the dependencies that need to be dealt with when installing offline on Linux are more complicated, I actually reject it in my heart, but there is no better solution. Can only bite the bullet. . .
install zlib
- Visit the zlib official website and download the latest zlib package. Since my rhel is the newer version 7.2, I directly use the latest version of zlib. If it is an old version, it may be necessary to consider the compatibility of the linux kernel;
- Unzip the zlib installation package, cd to the unzipped zlib package directory, and run the following command:
./configure
make test
make install #这里安装的是静态库
make clean
./configure --shared
make test
make install #这里先clean,然后安装的是共享库
cp zutil.h /usr/local/include
cp zutil.c /usr/local/include #拷贝相关文件
- Since the specified zlib installation directory is not shown in step 2, zlib is installed under /usr/local/lib by default, add /usr/local/lib to the /etc/ld.so.conf file, and in Execute ldconfig under /etc to make the configuration take effect, and zlib is installed
install openssl
- Visit the openssl official website and download the latest openssl package;
- Unzip the openssl installation package, cd to the unzipped directory, and run the following command:
./config --prefix=/usr/local/ssl shared zlib-dynamic #指定openssl的安装目录,创建动态库,并在需要的时候动态引用zlib文件(感觉我理解很肤浅且有问题,希望可以有大神给透彻的解答下这条命令的具体含义)
./config -t #好像没什么卵用,就是输出下操作系统的相关信息
make #我执行这句的时候报错了,大意就是找不到相关的动态库,网上搜了一圈没有找到什么合适的答案,邃自己修改了下Makefile,在gcc的指定中添加了-fPIC选项,注意,由于make了一半报错,所以需要先执行 **make clean** 然后再重新make,如果一上来就修改了Makefile,可以不用执行 **make clean**
make test #执行这句的时候我这边也报错了,意思是Conditional.pm这个模块找不到,在网上搜了一圈,竟然找不到合适的答案,我只想说我对redhat真的是无力吐槽了,缺的东西也太多了,就这还能挣钱,不过说不定也就是靠这些挣钱了。。无奈且无助的我只能无视报错了,直接执行下一步
make install #感谢上帝佛祖保佑,上面的报错只是test的时候引起的,install竟然没有报错安装成功了!
- Or modify /etc/ld.so.conf , add /usr/local/ssl/lib , and execute ldconfig after modification to make the modification take effect
- Add the newly installed openssl to the system environment variable, overwrite the old openssl, what I am modifying here is the /etc/profile file, add export PATH=/usr/local/ssl/bin:$PATH in the last line , and then execute source / etc/profile can
install curl
- Visit the curl official website and download the latest curl package. I downloaded the latest stable version, and there is also a long-term support version (but only after two or three years). I didn't understand the meaning of existence, so I abandoned it;
- Unzip the curl installation package, cd to the unzip directory, and execute the following command:
./configure --prefix=/usr/local/curl --with-ssl #指定安装目录,指定使用openssl进行编译,
这里并没有指定上面安装的openssl的具体路径,
猜测安装脚本里会自动到/usr/local/lib以及其他目录下查找相关文件(有熟悉c++的同学可以给解释下)
make
make install #很神奇,竟然没报错,我都不适应了。。
- Before adding /usr/local/curl/bin to the PATH in /etc/profile , execute source /etc/profile to make the modification of environment variables take effect;
- Execute curl -V and test the curl -k https command. Finally, the certificate and key file can be read normally to access the https site. Done!
refer to
http://blog.csdn.net/baitianhai/article/details/155461 Many of the installations of zlib and openssl refer to this
http://www.linuxidc.com/Linux/2014-11/109910.htm