1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
NTS needs TLS 1.3 or newer.
That was first supported in OpenSSL 1.1.1
(1.1.1a is broken)
Some OSes/Distros don't support a new enough version of OpenSSL
This file contains notes on how to download, build, and install 1.1.1g
It also works for testing 3.0.0 alpha
It's rough. Don't be surprised by bugs/oversights.
Corrections, clarifications and feedback encouraged.
Download OpenSSL source from here:
https://www.openssl.org/source/
https://www.openssl.org/source/old/1.1.1/
You should be able to cut/paste many of these lines.
cd xxx
mkdir OpenSSL
cd OpenSSL
for OpenSSL 1.1.1g
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar -xzf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
for OpenSSL 3.0.0 alpha6
wget https://www.openssl.org/source/openssl-3.0.0-alpha6.tar.gz
tar -xzf openssl-3.0.0-alpha6.tar.gz
cd openssl-3.0.0-alpha6
# Check NOTES.PERL
# for CentOS, you need
sudo yum install perl-core
Fedora needs
sudo dnf install perl-IPC-Cmd
For make test on Fedora
sudo dnf install perl-Test-Harness perl perl-Pod-Html
On Linux
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared
enable-des
make
sudo make install
cd /etc/ld.so.conf.d
echo "/usr/local/ssl/lib" > openssl-1.1.1g.conf
echo "/usr/local/ssl/lib" > openssl-3.0.0-alpha.conf
ldconfig
# check with
/usr/local/ssl/bin/openssl version
# Note that the directories in the above config line need to
# match where wscript looks for your OS.
# The above works for CentOS 7
Fedora and CentOS 7 need this if you use real certificates:
nts ca /etc/pki/tls/certs/ca-bundle.trust.crt
|
