 

How to upgrade OpenSSL in CentOS 6.5 / Linux / Unix from source?

How do I upgrade OpenSSL in CentOS 6.5?

I have used these commands, but nothing happens:

    cd /usr/src
    wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
    tar -zxf openssl-1.0.1g.tar.gz
    cd openssl-1.0.1g
    ./config
    make
    make test
    make install
    cd /usr/src
    rm -rf openssl-1.0.1g.tar.gz
    rm -rf openssl-1.0.1g

After using this command, I get the old version

openssl version 
Mostafa asked Apr 09 '14 03:04




2 Answers

The fix for the Heartbleed vulnerability has been backported to 1.0.1e-16 by Red Hat for Enterprise Linux, and this is therefore the official fix that CentOS ships.

Replacing OpenSSL with the latest version from upstream (i.e. 1.0.1g) runs the risk of introducing functionality changes which may break compatibility with applications/clients in unpredictable ways, causes your system to diverge from RHEL, and puts you on the hook for personally maintaining future updates to that package. Replacing openssl using a simple make config && make && make install also means that you lose the ability to use rpm to manage that package and perform queries on it (e.g. verifying all the files are present and haven't been modified or had permissions changed without also updating the RPM database).

I'd also caution that crypto software can be extremely sensitive to seemingly minor things like compiler options, and if you don't know what you're doing, you could introduce vulnerabilities in your local installation.

Alex Butcher answered Sep 22 '22 22:09


./config --prefix=/usr --openssldir=/usr/local/openssl shared 

Try this config line instead to overwrite the default. It installs to prefix /usr/local/ssl by default in your setup when you leave off the prefix. You probably have "/usr/local/ssl/bin/openssl" instead of overwriting /usr/bin/openssl. You can also use /usr/local for prefix instead, but you would need to adjust your path accordingly if that is not already on your path. Here is the INSTALL documentation:

      $ ./config
      $ make
      $ make test
      $ make install

    [If any of these steps fails, see section Installation in Detail below.]

    This will build and install OpenSSL in the default location, which is (for
    historical reasons) /usr/local/ssl. If you want to install it anywhere else,
    run config like this:

      $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

https://github.com/openssl/openssl/blob/master/INSTALL
http://heartbleed.com/

jmq answered Sep 21 '22 22:09
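Both answers turn on which `openssl` binary the shell actually runs and whether rpm still owns it. The script below is an added example, not code from either answer: it lists every `openssl` on a PATH string plus the `/usr/local/ssl/bin` default quoted from INSTALL, marks the one that `openssl version` resolves to, and asks `rpm -qf` who owns each file. The function names, the `*`/`-`/`!` markers and the `not-in-rpmdb` label are this example's own.

```shell
#!/bin/sh
# Added example (not from the original answers): show every openssl binary,
# which one the shell resolves first, and whether rpm owns it.

# describe PATHNAME MARKER -> "MARKER PATHNAME OWNER VERSION..."
describe() {
    # rpm -qf prints the owning package; it fails for files copied in by
    # "make install" (and on systems where rpm itself is absent).
    owner=$(rpm -qf "$1" 2>/dev/null) || owner=not-in-rpmdb
    printf '%s %s %s %s\n' "$2" "$1" "$owner" "$("$1" version 2>/dev/null)"
}

# list_openssl_bins PATHSTRING [EXTRA_DIR...]
# Markers: "*" first hit on PATHSTRING (what `openssl version` runs),
#          "-" later hit on PATHSTRING (shadowed by the first),
#          "!" found only in an EXTRA_DIR that is not on PATHSTRING.
list_openssl_bins() {
    search_path=$1; shift
    marker='*'
    old_ifs=$IFS; IFS=:
    for dir in $search_path; do
        IFS=$old_ifs
        # An empty PATH component means the current directory.
        if [ -f "${dir:-.}/openssl" ] && [ -x "${dir:-.}/openssl" ]; then
            describe "${dir:-.}/openssl" "$marker"
            marker='-'
        fi
    done
    IFS=$old_ifs
    for dir in "$@"; do
        # Skip extra directories already covered by PATHSTRING.
        case ":$search_path:" in *":$dir:"*) continue ;; esac
        if [ -f "$dir/openssl" ] && [ -x "$dir/openssl" ]; then
            describe "$dir/openssl" '!'
        fi
    done
}

# /usr/local/ssl/bin is the default install location quoted from INSTALL above.
list_openssl_bins "$PATH" /usr/local/ssl/bin
```

A `!` line for `/usr/local/ssl/bin/openssl` next to a `*` line for `/usr/bin/openssl` is the situation jmq describes: the new build exists but is not the one being run. For a binary that rpm does own, `rpm -V openssl` performs the file verification Alex Butcher mentions.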