How to Upgrade Openssl in Centos 6.5/Linux/Unix from Source

How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source?

./config --prefix=/usr --openssldir=/usr/local/openssl shared

Try this config line instead to overwrite the default. It installs to prefix /usr/local/ssl by default in your setup when you leave off the prefix. You probably have "/usr/local/ssl/bin/openssl" instead of overwriting /usr/bin/openssl. You can also use /usr/local for prefix instead, but you would need to adjust your path accordingly if that is not already on your path. Here is the INSTALL documentation:

  $ ./config
  $ make
  $ make test
  $ make install

 [If any of these steps fails, see section Installation in Detail below.]

This will build and install OpenSSL in the default location, which is (for
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
run config like this:

  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

https://github.com/openssl/openssl/blob/master/INSTALL
http://heartbleed.com/

Is it possible to in-place upgrade CentOS 7 to 8

from CentOS official site
I just noticed this. https://www.centos.org/forums/viewtopic.php?f=47&t=71896

Recompile PHP with OpenSSL on CentOS

Yes, you need to download dev package of openssl (sources/headers), sources of PHP and configure it with following keys:

--with-openssl --with-openssl-dir=/usr/local/bin

as per PHP Manual > OpenSSL > Installing/Configuring

You also may want to use other keys like --with-curl=/usr/local or --with-gd -- check with documentation at PHP Manual > Appendices > Configure options and installation manuals for every module your want to compile it with like GD2 or Curl

NOTE: You will need to download dev-packages of every module you are
going to compile - it consumes noticable amount of time, plan accordingly.

NOTE 2: Keep in mind that all modules you are going to compile into
your own build of PHP will be accessible through its functions (like
image manipulation, https/curl requests etc), so it is highly
recommended to use only stable and proven versions of modules not to
add a new vulnerability to your web-site.

** UPDATE **

./configure --with-openssl --with-openssl-dir=/usr/bin \
    --with-zlib=[DIR] \
    --enable-zip \
    --enable-opcache \
    --with-pdo-mysql=[DIR] \
    --with-mysqli=[DIR] \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --with-mcrypt=[DIR] \
    --enable-mbstring \
    --enable-intl \
    --with-png-dir=[DIR] \
    --with-jpeg-dir=[DIR] \
    --with-gd=[DIR] \
    --with-curl=[DIR] \
    --with-bz2=[DIR] \
    --enable-bcmath

[DIR]'s can be discovered automatically, but I faced a lot of situations when they are different from what PHP expects.

xmlreader, xmlwriter, simplexml are enabled by default starting with PHP 5.1.2

sqlite3, pdo-sqlite are enabled by default starting with PHP 5.3.0

--enable-gd-native-ttf is deprecated starting PHP 5.5.0, removed in PHP 7.2.0.


Related Topics

Where Is the Stack Memory Allocated from for a Linux Process

Oracle:Io Exception: the Network Adapter Could Not Establish the Connection

Create a Symbolic Link of Directory in Ubuntu

Check If Directory Mounted with Bash

Linux Pipe Audio File to Microphone Input

Run ASP.NET Core App Under Linux on Startup

Grep Files Based on Time Stamp

Using Mkdir -M -P and Chown Together Correctly

In Linux Terminal, How to Delete All Files in a Directory Except One or Two

Invalid Argument" Setting Key "Net.Core.Somaxconn"

Assigning Dynamic Bash Variable Names Using a for Loop Seq

How to Find Words from One File in Another File

What's a .Sh File

What's an Alternative for Dtrace on Linux

How to Remove All White Spaces from a Given Text File

How to Get All Parent Processes and All Subprocesses with 'Pstree'

Can Not Connect to Linux "Abstract" Unix Socket

Png.H File Not Found - Linux


Leave a reply



Submit