Build an openssl rpm package and upgrade the installation

Notes

Compiling and installing openssl from rpm packages is not recommended, because it causes problems with the corresponding library files.

Classification                    System version          openssh version  openssl version  Test results
Low version openssl compilation   centos6                 8.7p1            1.0.1e           normal
                                  centos7                 8.7p1            1.0.2k           normal
                                  centos8, centos stream  8.7p1            1.1.1g           normal
High version openssl compilation  centos6                 8.7p1            1.1.1l           normal
                                  centos7                 1.0.2k           1.1.1l, 1.1.1t   normal
                                  centos8, centos stream  There is a bug; the compilation is not successful.

1. Download openssl package

wget https://www.openssl.org/source/openssl-1.1.1t.tar.gz

2. Back up old openssl files

The upgrade directly replaces the original files, so it is recommended to back up the following files if necessary

mkdir ~/ssl_bak
cp /usr/bin/openssl ~/ssl_bak
cp /usr/lib64/libcrypto.so.1.0.2k ~/ssl_bak
cp /usr/lib64/libssl.so.1.0.2k ~/ssl_bak

3. Build the openssl rpm package

Install the necessary packages

yum -y install curl which make gcc perl perl-WWW-Curl rpm-build

Create the appropriate directory

mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}

Create spec file

cat << 'EOF' > /root/rpmbuild/SPECS/openssl.spec
Summary: OpenSSL 1.1.1i for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1i}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: OpenSSL

Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz

BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl

%description
OpenSSL RPM for version 1.1.1i on Centos

%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}

%description devel
OpenSSL RPM for version 1.1.1i on Centos (development package)

%prep
%setup -q

%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make

%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install

mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}

%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}

%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1

%files devel
%{openssldir}/include/*
%defattr(-,root,root)

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig
EOF

Prepare the corresponding package and compile the rpm package

cp openssl-1.1.1t.tar.gz /root/rpmbuild/SOURCES
cd /root/rpmbuild/SPECS && \
    rpmbuild \
    -D "version 1.1.1t" \
    -ba openssl.spec

Note:
Upgrading to a higher version of openssl carries risks!

Note 1: Keep in mind that the upgrade to openssl 1.1.1t is a forced, in-place upgrade:

  • Do not uninstall the original openssl in advance, for example with: rpm -e openssl-1.0.2k-21.el7_9.x86_64
  • openssl 1.1.1t cannot be installed as a direct upgrade, for example with: rpm -Uvh openssl-1.1.1t-1.el7.x86_64.rpm

centos7 upgrade openssl 1.1.1t

# Force the installation, ignoring dependencies
[root@localhost x86_64]# rpm -ivh openssl-1.1.1t-1.el7.centos.x86_64.rpm --nodeps --force
Preparing...                          ################################# [100%]
Updating / installing...
   1:openssl-1.1.1t-1.el7.centos      ################################# [100%]
 
[root@localhost openssh-8.7p1]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Note:
Do not delete the existing soft links directly.
If you need to use the new version for development, repoint the original soft links, that is, replace the original dynamic library links so that they reference the upgraded version.
Replace the corresponding dynamic library links that exist in /lib(lib64), /usr/lib(lib64) and /usr/local/lib(lib64):

# The source path matches the openssldir (/usr/openssl) set in the spec file above
ln -sf /usr/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so
ln -sf /usr/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so
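A check to run after the link replacement above, as an added example that is not part of the original post: it lists every libssl/libcrypto entry in the library directories named in the note and flags soft links whose target does not exist. The function name audit_ssl_links and its optional ROOT argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit libssl/libcrypto entries
# in the library directories named in the note above.
# Usage: audit_ssl_links [ROOT]   (ROOT defaults to /; a chroot or test tree
# can be passed instead; the function name and ROOT are assumptions).

# Prints one line per entry:
#   FILE <path>                  regular file (for example libssl.so.1.0.2k)
#   OK <path> -> <target>        soft link whose target exists
#   DANGLING <path> -> <target>  soft link whose target is missing
# Returns 1 if at least one DANGLING link was found, otherwise 0.
audit_ssl_links() {
    local root="${1:-/}" rc=0 dir path target resolved
    root="${root%/}"
    for dir in /lib /lib64 /usr/lib /usr/lib64 /usr/local/lib /usr/local/lib64; do
        # On CentOS 7 /lib and /lib64 are themselves links into /usr; skip
        # linked directories so that each entry is reported only once.
        [ -d "$root$dir" ] && [ ! -L "$root$dir" ] || continue
        for path in "$root$dir"/libssl.so* "$root$dir"/libcrypto.so*; do
            # An unmatched glob stays literal: skip names that do not exist.
            [ -e "$path" ] || [ -L "$path" ] || continue
            if [ ! -L "$path" ]; then
                echo "FILE $path"
                continue
            fi
            target=$(readlink "$path")
            # Resolve absolute targets inside ROOT, relative ones next to the link.
            case "$target" in
                /*) resolved="$root$target" ;;
                *)  resolved="$(dirname "$path")/$target" ;;
            esac
            if [ -e "$resolved" ]; then
                echo "OK $path -> $target"
            else
                echo "DANGLING $path -> $target"
                rc=1
            fi
        done
    done
    return "$rc"
}
```

A DANGLING line means the link points at a prefix that the installed package did not create, so anything linking against that name will fail until the link is corrected.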

Origin blog.csdn.net/weixin_42602433/article/details/129800947