A brief record of upgrading OpenSSL

红薯, published 2013/07/01 19:07
OSChina's entry server runs a Red Hat 5.x system that was installed a long time ago. The OpenSSL bundled with it is this version:
[root@liubc conf]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
As a result, Nginx on this machine cannot connect over https to the tomcat on the back end, where the openssl version is:
[root@R710 ~]# openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

Today I wanted to upgrade OpenSSL to the latest version, to solve the problem that https has to use the tomcat on the local machine.

I did not dare to upgrade the system's bundled OpenSSL directly, for fear of causing other unpredictable problems.

Here are the upgrade steps:

1. Download the latest openssl -> openssl-1.0.1e.tar.gz
2. Unpack it; assume the unpacked directory is /tmp/openssl-1.0.1e
3. Download the latest Tengine -> tengine-1.4.6.tar.gz
4. Unpack Tengine
5. Change into the unpacked Tengine directory
6. ./configure --prefix=/data/tengine-1.4.6 --with-openssl=/tmp/openssl-1.0.1e
7. make  ## this step takes a long time, because it also compiles OpenSSL along the way
8. make install

Once installation is finished, copy the old configuration into the new Tengine directory and start it.

Tested the HTTPS connection, no more problems!
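
An added example, not part of the original post: a shell check that the rebuilt binary really embeds the OpenSSL version compiled in at step 6, rather than relying on the system copy. It assumes the OpenSSL version banner (the text `openssl version` prints) is present as a plain string in the statically linked binary; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Pull "X.Y.Z[letter]" out of an `openssl version` banner,
# e.g. "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" -> "0.9.8e".
banner_ver() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p'
}

# Sortable key: zero-padded numbers plus the letter suffix (1.0.1e -> 001000001e).
ver_key() {
    printf '%s\n' "$1" | awk -F. '{
        patch = $3; letters = $3
        sub(/[a-z]*$/, "", patch); sub(/^[0-9]*/, "", letters)
        printf "%03d%03d%03d%s\n", $1, $2, patch, letters
    }'
}

# True when version $1 >= version $2.
ver_ge() {
    lowest=$(printf '%s\n%s\n' "$(ver_key "$1")" "$(ver_key "$2")" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "$(ver_key "$2")" ]
}

# Version of the first OpenSSL banner found inside a binary. Assumption: a
# statically linked build carries the banner as a plain string.
embedded_ver() {
    banner_ver "$(LC_ALL=C grep -a -o \
        'OpenSSL [0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*' "$1" | head -n 1)"
}

# Succeeds only if the binary embeds OpenSSL >= the required version.
check_build() {
    found=$(embedded_ver "$1")
    [ -n "$found" ] && ver_ge "$found" "$2"
}

# Banners copied from the post: front-end system OpenSSL vs. the back-end.
front=$(banner_ver 'OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008')
back=$(banner_ver 'OpenSSL 1.0.0-fips 29 Mar 2010')
ver_ge "$front" "$back" || echo "front-end OpenSSL $front is older than back-end $back"

# Real use with the prefix from step 6 (sbin/nginx is the default layout, assumed):
#   check_build /data/tengine-1.4.6/sbin/nginx 1.0.1e && echo "embeds >= 1.0.1e"
```

Because `--with-openssl` compiles this OpenSSL into the Tengine binary, updating the system OpenSSL package later does not change it; picking up an OpenSSL fix means rebuilding Tengine and rerunning the check.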

WeirdBIrd
Nice one..
shudu

The way 红薯 uses openssl here is the one we have adopted as well; strongly recommended!

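Using a separate openssl not only frees you from the influence of the system version, it also lets you use features of openssl and of the hardware. For example, newer versions of openssl can use the CPU's AESNI instruction set, which effectively improves HTTPS performance.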

红薯
:D
leon_rock

Adding openssl gives an error

"_X509_get_issuer_name", referenced from:
      _ngx_ssl_get_issuer_dn in ngx_event_openssl.o
  "_X509_get_pubkey", referenced from:
      _ngx_ssl_certificate in ngx_event_openssl.o
  "_X509_get_serialNumber", referenced from:
      _ngx_ssl_get_serial_number in ngx_event_openssl.o
  "_X509_get_subject_name", referenced from:
      _ngx_ssl_get_subject_dn in ngx_event_openssl.o
  "_X509_verify_cert_error_string", referenced from:
      _ngx_http_process_request in ngx_http_request.o
  "_d2i_SSL_SESSION", referenced from:
      _ngx_ssl_get_cached_session in ngx_event_openssl.o
  "_d2i_X509_bio", referenced from:
      _ngx_ssl_certificate in ngx_event_openssl.o
  "_i2a_ASN1_INTEGER", referenced from:
      _ngx_ssl_get_serial_number in ngx_event_openssl.o
  "_i2d_SSL_SESSION", referenced from:
      _ngx_ssl_get_session_id in ngx_event_openssl.o
      _ngx_ssl_new_session in ngx_event_openssl.o
ld: symbol(s) not found for architecture x86_64
collect2: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make: *** [build] Error 2

shudu

Quoting the answer from "eyelee"

Adding openssl gives an error

"_X509_get_issuer_name", referenced from:
      _ngx_ssl_get_issuer_dn in ngx_event_openssl.o
  "_X509_get_pubkey", referenced from:
      _ngx_ssl_certificate in ngx_event_openssl.o
  "_X509_get_serialNumber", referenced from:
      _ngx_ssl_get_serial_number in ngx_event_openssl.o
  "_X509_get_subject_name", referenced from:
      _ngx_ssl_get_subject_dn in ngx_event_openssl.o
  "_X509_verify_cert_error_string", referenced from:
      _ngx_http_process_request in ngx_http_request.o
  "_d2i_SSL_SESSION", referenced from:
      _ngx_ssl_get_cached_session in ngx_event_openssl.o
  "_d2i_X509_bio", referenced from:
      _ngx_ssl_certificate in ngx_event_openssl.o
  "_i2a_ASN1_INTEGER", referenced from:
      _ngx_ssl_get_serial_number in ngx_event_openssl.o
  "_i2d_SSL_SESSION", referenced from:
      _ngx_ssl_get_session_id in ngx_event_openssl.o
      _ngx_ssl_new_session in ngx_event_openssl.o
ld: symbol(s) not found for architecture x86_64
collect2: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make: *** [build] Error 2

How did you go about it? Could you describe it in detail? Many thanks.