Note: For safety, back up the old version of openssl related files
#迭代直接替换原有文件 – 如有需要建议备份以下文件
mkdir ~/ssl_bak
cp /usr/bin/openssl ~/ssl_bak
cp /usr/lib64/libcrypto.so.1.0.2k ~/ssl_bak
cp /usr/lib64/libssl.so.1.0.2k ~/ssl_bak
1. Download openssl
[root@localhost ~]# wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1s.tar.gz
2. Install related dependencies
[root@localhost ~]# yum -y install curl which make gcc perl perl-WWW-Curl rpm-build
Note: centos/radhat6 version perl-WWW-Curl needs to be downloaded manually
[root@localhost ~]# wget http://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/perl-WWW-Curl-4.09-4.el6.x86_64.rpm
[root@localhost ~]# rpm -ivh perl-WWW-Curl-4.09-4.el6.x86_64.rpm
3. Create the directory required for compilation
[root@localhost ~]# mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
4. Manually write the openssl.spec file
cat << 'EOF' > /root/rpmbuild/SPECS/openssl.spec
Summary: OpenSSL 1.1.1s for redhat
Name: openssl
Version: %{?version}%{!?version:1.1.1s}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+
Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz
BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/local/newopenssl/openssl111i
%description
OpenSSL RPM for version 1.1.1s on redhat
%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description devel
OpenSSL RPM for version 1.1.1s on redhat (development package)
%prep
%setup -q
%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make -j4
%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1
%files devel
%{openssldir}/include/*
%defattr(-,root,root)
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
EOF
5. Prepare the corresponding package and compile the rpm package
[root@localhost ~]# cp openssl-1.1.1s.tar.gz /root/rpmbuild/SOURCES
cd /root/rpmbuild/SPECS && \
rpmbuild \
-D "version 1.1.1s" \
-ba openssl.spec
6. Check whether the rpm package of openssl is generated
[root@localhost SPECS]# cd /root/rpmbuild/RPMS/x86_64/
[root@localhost x86_64]# ls
openssl-1.1.1s-1.el6.x86_64.rpm openssl-devel-1.1.1s-1.el6.x86_64.rpm
7. Upgrade openssl to 1.1.1s
[root@localhost x86_64]# rpm -ivh openssl-1.1.1s-1.el6.x86_64.rpm --force --nodeps
Notice:
There is a risk in upgrading to a higher version of openssl !
- Do not uninstall the original openssl in advance For example: rpm -e openssl-1.0.2k-21.el7_9.x86_64
- You cannot directly upgrade openssl 1.1.1s For example: rpm -Uvh openssl-1.1.1s-1.el6.x86_64.rpm
The soft link cannot be deleted directly.
If you need to use the new version for development, you need to replace the original soft link point, that is, replace the original dynamic library and upgrade the version.
Replace the corresponding dynamic libraries that exist in /lib(lib64) and /usr/lib(lib64) and /usr/local/lib(lib64):
ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so
ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so