如何在不解除安裝現有OpenSSL的情況下原始碼安裝配置新版OpenSSL+Apache
最近遇到一個問題,需要去安裝OpenSSL1.0.1c,但是Ubuntu10.04和11.04都只支援0.9.8版本的OpenSSL包。本來想解除安裝OpenSSL再安裝新版本的。我在Ubuntu11.04上引入了12.04的源,直接Upgrade舊版OpenSSL,並安裝了幾個新版本的依賴包,結果意想不到的事情發生了,我的virtualbox虛擬機器軟體不能運行了,提示錯誤,(failed to create virtualbox object!)死活都沒法搞定。猜測是由於升級了一些依賴庫後發生了故障,至此對預編譯之軟體包失望至極。
今天閒來無事,決定無論如何要試試原始碼編譯OpenSSL,並和Apache協同工作。我參考了網上的一些文章後開始動手實踐。
首先是編譯OpenSSL,這個很簡單。
./config prefix=/usr/local/openssl && make install
本來我還想解除安裝舊版本的OpenSSL的,後來放棄了,因為:
sudo apt-get remove openssl [sudo] password for **: Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libqimageblitz4 ijsgutenprint libotr2 language-pack-kde-en quassel-data libvncserver0 amarok-common libaccess-bridge-java-jni libflac++6 language-pack-kde-zh-hans libaccess-bridge-java libplasma-geolocation-interface4 language-pack-kde-en-base plasma-widget-kimpanel-backend-ibus k3b-data libqtscript4-core python-qt4-dbus libqtscript4-gui libqtscript4-uitools libindicate-qt0 libpoppler-qt4-3 libzip1 openoffice.org-l10n-zh-cn libqtscript4-sql ksysguardd libqtscript4-xml openoffice.org-l10n-en-gb libqca2-plugin-ossl libepub0 libtag-extras1 liblastfm0 libqtscript4-network language-pack-kde-zh-hans-base libmsn0.3 Use 'apt-get autoremove' to remove them. The following packages will be REMOVED: akonadi-server akregator amarok amarok-utils apport-kde apt-transport-https apturl apturl-kde ark bluez-cups ca-certificates ca-certificates-java couchdb-bin cups cups-driver-gutenprint default-jre default-jre-headless desktopcouch dolphin dragonplayer evolution-couchdb foo2zjs foomatic-db foomatic-db-engine foomatic-db-gutenprint freespacenotifier gdebi-kde ghostscript-cups gnupg-curl gwenview gwibber gwibber-service hpijs-ppds hplip icedtea-6-jre-cacao icedtea-netx install-package jockey-kde k3b kaddressbook kamera kate kbluetooth kcalc kcm-gtk kcm-touchpad kde-l10n-engb kde-l10n-zhcn kde-window-manager kde-zeroconf kdebase-bin kdebase-runtime kdebase-workspace kdebase-workspace-bin kdebase-workspace-data kdebase-workspace-kgreet-plugins kdegraphics-strigi-plugins kdelibs-bin kdelibs5 kdemultimedia-kio-plugins kdepasswd kdepim-groupware kdepim-kresources kdepim-runtime kdepim-strigi-plugins kdepim-wizards kdepimlibs5 kdesudo kdm kerneloops-daemon kfind khelpcenter4 klipper kmag kmail kmix kmousetool knm-runtime knotes konqueror konqueror-nsplugins konsole kontact kopete kopete-message-indicator korganizer kpackagekit kppp krdc krfb ksnapshot ksysguard ksystemlog ktimetracker kubuntu-debug-installer kubuntu-desktop kubuntu-konqueror-shortcuts kubuntu-notification-helper kvkbd kwalletmanager language-selector-qt libakonadiprivate1 libcurl3 libcurl3-gnutls libk3b6 libk3b6-extracodecs libkcddb4 libkdcraw8 libkdecorations4 libkdepim4 libkexiv2-8 libkfontinst4 libkipi7 libkleo4 libkonq5 libkonqsidebarplugin4 libkopete4 libkpgp4 libkscreensaver5 libksgrd4 libksieve4 libksignalplotter4 libkwineffects1 libkworkspace4 libmimelib4 libokularcore1 libplasma-applet-system-monitor4 libplasma3 libplasmaclock4 libplasmagenericshell4 libprocesscore4 libprocessui4 libraptor1 librasqal2 librdf0 libsolidcontrol4 libsoprano4 libtaskmanager4 libweather-ion4 network-manager-kde okular okular-extra-backends openjdk-6-jre openjdk-6-jre-headless openjdk-6-jre-lib openoffice.org-base-core openoffice.org-calc openoffice.org-core openoffice.org-draw openoffice.org-emailmerge openoffice.org-gnome openoffice.org-gtk openoffice.org-help-en-gb openoffice.org-help-en-us openoffice.org-help-zh-cn openoffice.org-impress openoffice.org-kde openoffice.org-math openoffice.org-style-oxygen openoffice.org-writer openprinting-ppds openssl packagekit packagekit-backend-apt plasma-dataengines-addons plasma-dataengines-workspace plasma-desktop plasma-scriptengine-javascript plasma-scriptengine-python plasma-widget-facebook plasma-widget-folderview plasma-widget-kimpanel plasma-widget-kubuntu-feedback plasma-widget-message-indicator plasma-widget-quickaccess plasma-widgets-addons plasma-widgets-workspace polkit-kde-1 printer-applet pxljr python-desktopcouch python-desktopcouch-records python-kde4 python-pycurl python-software-properties python-ubuntuone-client python-uno quassel software-properties-gtk software-properties-kde soprano-daemon splix ssl-cert system-config-printer-kde systemsettings ubuntu-desktop ubuntuone-client update-manager-kde usb-creator-kde userconfig xul-ext-ubufox 0 upgraded, 0 newly installed, 201 to remove and 0 not upgraded. After this operation, 823MB disk space will be freed. Do you want to continue [Y/n]?
這麼多軟體包,不是逼老子把整個系統都解除安裝掉麼!!!
我使用了幾個技巧來處理這個問題
首先是把新版本OpenSSL的安裝路徑加入$PATH
sudo gvim ~/.bashrc
在檔案末尾加上:
PATH="$PATH:/usr/local/openssl/bin:" export PATH
然後儲存
將/usr/bin/openssl改名
/usr/bin$ sudo mv openssl openssl0.9.8
這樣的就可以在命令列中直接使用新版的OpenSSL了
$ openssl version -a OpenSSL 1.0.1c 10 May 2012 built on: Sun Jul 22 20:43:26 CST 2012 platform: linux-elf options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) blowfish(idx) compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: "/usr/local/openssl/ssl"
變更include標頭檔案:
/usr/include$ sudo mv openssl openssl0.9.8
/usr/include$ sudo cp -r /usr/local/openssl/include ./
還需要重新編譯Apache才能使用新版的OpenSSL
$ ./configure --prefix=/usr/local/apache2.4 --with-layout=Apache
--enable-modulues=most --enable-mods-shared=all --with-mpm=prefork
--with-ssl=/usr/local/openssl
注意最後一句是啟用新版OpenSSL的關鍵
然後就是套路了,make && make install
配置……
然後測試一下,證明已經可以用的一個證據是:
./ab -t 5 -c 100 -n 20000 https://127.0.0.1/index.html This is ApacheBench, Version 2.4 (OpenSSL 1.0.1c 10 May 2012)
看來以後要多用原始碼安裝,少用系統預編譯的包,不然可更新軟