problem background
Our project needs to be installed on the client computer for privatization. The server operating system client specifies that only the redhat7.2 version can be used, and the client computer cannot access the external network for confidentiality, and the curl that comes with the damn redhat system supports nss The https of the protocol, not the https of the openssl protocol, when executing curl to access the https site, there will be an error that the key cannot be loaded.
I checked the solution on the Internet, and there is an answer on Stack Overflow that it is the problem of the generated key, and the key needs to be converted into the RSA encryption method. I tried it, and the curl command will not report an error, but our server-side code implementation is not normal. The initialization related encryption and decryption containers.
There are also some answers that recommend reinstalling curl. Since I am not familiar with the redhat system, and I have always heard that the dependencies that need to be dealt with when installing offline on Linux are more complicated, I actually reject it in my heart, but there is no better solution. Can only bite the bullet. . .
install zlib
Visit the zlib official website and download the latest zlib package. Since my rhel is the newer version 7.2, I directly use the latest version of zlib. If it is an old version, it may be necessary to consider the compatibility of the linux kernel;
Unzip the zlib installation package, cd to the unzipped zlib package directory, and run the following command:
./configure make test make install #The static library is installed here make clean ./configure --shared make test make install #clean here first, then install the shared library cp zutil.h /usr/local/include cp zutil.c /usr/local/include #Copy related files
Since the specified zlib installation directory is not shown in step 2, zlib is installed under /usr/local/lib by default, add /usr/local/lib to the /etc/ld.so.conf file, and in the Execute ldconfig under /etc to make the configuration take effect, and zlib is installed
install openssl
Visit the openssl official website and download the latest openssl package;
Unzip the openssl installation package, cd to the unzipped directory, and run the following command:
./config --prefix=/usr/local/ssl shared zlib-dynamic #Specify the installation directory of openssl, create a dynamic library, and dynamically reference the zlib file when needed (I feel that my understanding is very superficial and problematic, I hope there is God will give a thorough answer to the specific meaning of this command) ./config -t #It doesn't seem to be useful, just output the relevant information of the operating system make #When I executed this sentence, I reported an error, to the effect that the relevant dynamic library could not be found. I searched the Internet and found no suitable answer. I modified the Makefile myself and added the -fPIC option to the gcc specification. , Note that since half of make reports an error, you need to execute **make clean** first and then re-make. If you modify the Makefile as soon as you come up, you don't need to execute **make clean** make test #When I executed this sentence, I also reported an error here, which means that the module Conditional.pm could not be found. I searched the Internet and couldn't find a suitable answer. I just want to say that I am true to redhat. It's because I can't complain, and there are too many things missing, so I can still make money, but maybe it's just relying on these to make money. . Helpless and helpless, I can only ignore the error and go directly to the next step make install #Thank God for the blessing of the Buddha, the above error is only caused by the test, install did not report an error and the installation was successful!
Or modify /etc/ld.so.conf, add /usr/local/ssl/lib, and execute ldconfig after modification to make the modification take effect
Add the newly installed openssl to the system environment variable, overwriting the old openssl, what I am modifying here is the /etc/profile file, add export PATH=/usr/local/ssl/bin:$PATH in the last line, and then execute source / etc/profile can
install curl
Visit the curl official website and download the latest curl package. I downloaded the latest stable version, and there is also a long-term support version (but only after two or three years). I didn't understand the meaning of existence, so I abandoned it;
Unzip the curl installation package, cd to the unzip directory, and execute the following command:
./configure --prefix=/usr/local/curl --with-ssl #Specify the installation directory, specify to use openssl to compile, The specific path to the openssl installed above is not specified here. Guess that the installation script will automatically go to /usr/local/lib and other directories to find related files (some students who are familiar with c++ can explain it) make make install #It's amazing, I didn't even get an error, and I'm not used to it. .
Before adding /usr/local/curl/bin to the PATH in /etc/profile, execute source /etc/profile to make the modification of environment variables take effect;
Execute curl -V and test the curl -k https command. Finally, the certificate and key file can be read normally to access the https site. Done!
The original text comes from: https://www.linuxprobe.com/redhat7-curl-https.html