openssl升级
1、查看操作系统版本:
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
2、查看当前系统openssl软件包版本信息
rpm -qa |grep openssl
openssl-devel-0.9.8e-12.el5
openssl-0.9.8e-12.el5
openssl-devel-0.9.8e-12.el5
openssl-0.9.8e-12.el5
3、查看openssh软件版本信息
rpm -qa |grep openssh
openssh-askpass-4.3p2-36.el5
openssh-server-4.3p2-36.el5
openssh-4.3p2-36.el5
openssh-clients-4.3p2-36.el5
4、备份旧版本openssl重要文件,以防升级失败后openssl无法正常运行
mv /lib/libcrypto.so.6 /lib/libcrypto.so.6.bak
mv /lib/libssl.so.6 /lib/libssl.so.6.bak
mv /lib64/libcrypto.so.6 /lib64/libcrypto.so.6.bak
mv /lib64/libssl.so.6 /lib64/libssl.so.6.bak
/usr/local/ssl/bin/openssl version
OpenSSL 0.9.8y 5 Feb 2013
-----------------------------------------------------------------------------
5、编译安装新版本
tar zxvf openssl-1.0.1e.tar.gz
cd openssl-1.0.1e
./config shared
make
make install
/usr/local/ssl/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
mv /usr/bin/openssl /usr/bin/openssl.bak
cp /usr/local/ssl/bin/openssl /usr/bin/
ldd /usr/bin/openssl
libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00002b3886fc8000)
libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00002b388722d000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003f2f600000)
libc.so.6 => /lib64/libc.so.6 (0x0000003f2ee00000)
/lib64/ld-linux-x86-64.so.2 (0x0000003f2ea00000)
ln -s /usr/local/ssl/lib/libcrypto.so /lib/libcrypto.so.6
ln -s /usr/local/ssl/lib/libssl.so /lib/libssl.so
ln -s /usr/local/ssl/lib/libcrypto.so /lib64/libcrypto.so.6
ln -s /usr/local/ssl/lib/libssl.so /lib64/libssl.so
echo /usr/local/ssl/lib >> /etc/ld.so.conf
ldconfig -v
6、查看新版本的安装路径及用户权限:
[root@62SERVER openssl-1.0.1e]# which openssl
/usr/bin/openssl
[root@62SERVER openssl-1.0.1e]# ls -al /usr/bin/openssl
-rwxr-xr-x 1 root root 586788 04-23 15:37 /usr/bin/openssl
7、安装成功后查看新版本的openssl版本
[root@62SERVER openssl-1.0.1e]# /usr/bin/openssl version
OpenSSL 1.0.1e 11 Feb 2013
五、风险应急方案
如升级openssl后,发现无法正常运行,请马上进行回退操作后,回退操作如下:
mv /lib/libcrypto.so.6.bak /lib/libcrypto.so.6
mv /lib/libssl.so.6.bak /lib/libssl.so.6
mv /lib64/libcrypto.so.6.bak /lib64/libcrypto.so.6.bak
mv /lib64/libssl.so.6.bak /lib64/libssl.so.6.bak