openssl升级

1、查看操作系统版本:

cat /etc/redhat-release

Red Hat Enterprise Linux Server release 5.4 (Tikanga)

 

2、查看当前系统openssl软件包版本信息

rpm -qa |grep openssl

openssl-devel-0.9.8e-12.el5

openssl-0.9.8e-12.el5

openssl-devel-0.9.8e-12.el5

openssl-0.9.8e-12.el5

 

3、查看openssh软件版本信息

rpm -qa |grep openssh

openssh-askpass-4.3p2-36.el5

openssh-server-4.3p2-36.el5

openssh-4.3p2-36.el5

openssh-clients-4.3p2-36.el5

 

4、备份旧版本openssl重要文件,以防升级失败后openssl无法正常运行

mv /lib/libcrypto.so.6 /lib/libcrypto.so.6.bak

mv /lib/libssl.so.6 /lib/libssl.so.6.bak

mv /lib64/libcrypto.so.6 /lib64/libcrypto.so.6.bak

mv /lib64/libssl.so.6 /lib64/libssl.so.6.bak

 

/usr/local/ssl/bin/openssl version

OpenSSL 0.9.8y 5 Feb 2013

 

-----------------------------------------------------------------------------

5、编译安装新版本

tar zxvf openssl-1.0.1e.tar.gz

cd openssl-1.0.1e

./config shared

make

make install

 

/usr/local/ssl/bin/openssl version

OpenSSL 1.0.1e 11 Feb 2013

 

mv /usr/bin/openssl /usr/bin/openssl.bak

cp /usr/local/ssl/bin/openssl /usr/bin/

 

ldd /usr/bin/openssl

       libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00002b3886fc8000)

       libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00002b388722d000)

       libdl.so.2 => /lib64/libdl.so.2 (0x0000003f2f600000)

       libc.so.6 => /lib64/libc.so.6 (0x0000003f2ee00000)

       /lib64/ld-linux-x86-64.so.2 (0x0000003f2ea00000)

 

ln -s /usr/local/ssl/lib/libcrypto.so /lib/libcrypto.so.6

ln -s /usr/local/ssl/lib/libssl.so /lib/libssl.so

ln -s /usr/local/ssl/lib/libcrypto.so /lib64/libcrypto.so.6

ln -s /usr/local/ssl/lib/libssl.so /lib64/libssl.so

 

echo /usr/local/ssl/lib >> /etc/ld.so.conf

ldconfig -v

 

6、查看新版本的安装路径及用户权限:

[root@62SERVER openssl-1.0.1e]# which openssl

/usr/bin/openssl

[root@62SERVER openssl-1.0.1e]# ls -al /usr/bin/openssl

-rwxr-xr-x 1 root root 586788 04-23 15:37 /usr/bin/openssl

 

7、安装成功后查看新版本的openssl版本

[root@62SERVER openssl-1.0.1e]# /usr/bin/openssl version

OpenSSL 1.0.1e 11 Feb 2013

 

五、风险应急方案

如升级openssl后,发现无法正常运行,请马上进行回退操作后,回退操作如下:

 

mv /lib/libcrypto.so.6.bak  /lib/libcrypto.so.6

mv /lib/libssl.so.6.bak  /lib/libssl.so.6

mv /lib64/libcrypto.so.6.bak  /lib64/libcrypto.so.6.bak

mv /lib64/libssl.so.6.bak   /lib64/libssl.so.6.bak

posted @ 2018-10-17 13:50  elevenend  阅读(2826)  评论(0编辑  收藏  举报