CentOS 升级OpenSSL与CURL

#查看安装
rpm -qa | grep curl
curl-7.29.0-25.el7.centos.x86_64
libcurl-devel-7.29.0-25.el7.centos.x86_64
libcurl-7.29.0-25.el7.centos.x86_64

rpm -ql curl-7.29.0-25.el7.centos.x86_64
/usr/bin/curl

rpm -ql libcurl-7.29.0-25.el7.centos.x86_64
/usr/lib64/libcurl.so.4 -> libcurl.so.4.3.0
/usr/lib64/libcurl.so.4.3.0

rpm -ql libcurl-devel-7.29.0-25.el7.centos.x86_64
/usr/bin/curl-config
/usr/include/curl
/usr/include/curl/curl.h
/usr/include/curl/curlbuild-64.h
/usr/include/curl/curlbuild.h
/usr/include/curl/curlrules.h
/usr/include/curl/curlver.h
/usr/include/curl/easy.h
/usr/include/curl/mprintf.h
/usr/include/curl/multi.h
/usr/include/curl/stdcheaders.h
/usr/include/curl/typecheck-gcc.h
/usr/lib64/libcurl.so -> libcurl.so.4.3.0
/usr/lib64/pkgconfig/libcurl.pc
/usr/share/aclocal/libcurl.m4

#在Ubuntu下查看 默认使用OpenSSL
curl -V
curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

#在CentOS下查看 默认使用NSS
curl -V
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz

#CentOS中使用一个第三方源升级
#http://www.city-fan.org/ftp/contrib/yum-repo/有专门针对rhel的源
#wget www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-13.rhel6.noarch.rpm
wget www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-13.rhel7.noarch.rpm
rpm -Uvh city-fan.org-release-1-13.rhel7.noarch.rpm

yum repolist

yum update libcurl
======================================================================================================================================
 Package                                 Arch                  Version                              Repository                   Size
======================================================================================================================================
Updating:
 libcurl                                 x86_64                7.51.0-3.0.cf.rhel7                  city-fan.org                387 k
Installing for dependencies:
 libmetalink                             x86_64                0.1.3-1.rhel7                        city-fan.org                 25 k
 libnghttp2                              x86_64                1.7.1-1.el7                          epel                         61 k
 libpsl                                  x86_64                0.7.0-1.el7                          city-fan.org                 45 k
 libssh2-devel                           x86_64                1.8.0-1.0.cf.rhel7                   city-fan.org                 72 k
 nspr-devel                              x86_64                4.11.0-1.el7_2                       updates                     114 k
 nss-devel                               x86_64                3.21.0-9.el7_2                       updates                     211 k
 nss-softokn-devel                       x86_64                3.16.2.3-14.2.el7_2                  updates                      26 k
 nss-softokn-freebl-devel                x86_64                3.16.2.3-14.2.el7_2                  updates                      46 k
 nss-util-devel                          x86_64                3.21.0-2.2.el7_2                     updates                      71 k
Updating for dependencies:
 curl                                    x86_64                7.51.0-3.0.cf.rhel7                  city-fan.org                430 k
 libcurl-devel                           x86_64                7.51.0-3.0.cf.rhel7                  city-fan.org                793 k
 libssh2                                 x86_64                1.8.0-1.0.cf.rhel7                   city-fan.org                102 k

#在CentOS 7.x中升级后(多了nghttp2/1.7.1)
curl -V
curl 7.51.0 (x86_64-redhat-linux-gnu) libcurl/7.51.0 NSS/3.21 Basic ECC zlib/1.2.7 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.8.0 nghttp2/1.7.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets Metalink PSL

除了使用YUM来升级,也可以到官方下载RPM包(http://mirror.city-fan.org/ftp/contrib/sysutils/Mirroring/),比如:libcurl-7.51.0-3.0.cf.rhel7.x86_64.rpm:

rpm -Uvh libcurl-7.51.0-3.0.cf.rhel7.x86_64.rpm 
warning: libcurl-7.51.0-3.0.cf.rhel7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID b56a8bac: NOKEY
error: Failed dependencies:
	libnghttp2.so.14()(64bit) is needed by libcurl-7.51.0-3.0.cf.rhel7.x86_64
	libpsl.so.0()(64bit) is needed by libcurl-7.51.0-3.0.cf.rhel7.x86_64
	libssh2(x86-64) >= 1.8.0 is needed by libcurl-7.51.0-3.0.cf.rhel7.x86_64
	libcurl = 7.29.0-25.el7.centos is needed by (installed) curl-7.29.0-25.el7.centos.x86_64

直接使用RPM包安装,我们需要手动解决依赖,libnghttp2和libpsl在epel源中,直接yum安装就可以,不过libssh2版本就不符合要求了。

YUM或RPM包安装(CentOS系),默认使用NSS,这个东西类似OpenSSL,用来加密,对于HTTP来说就是提供HTTPS服务。如果需要用OpenSSL,那么就需要自己编译了:

cd curl-7.51.0/

./configure --without-nss --with-ssl && make &&make install

curl -V
curl 7.51.0 (x86_64-pc-linux-gnu) libcurl/7.51.0 OpenSSL/1.0.1e zlib/1.2.7 libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets

编译:

yum install zlib zlib-devel

###### OpenSSL
wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
tar zxvf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j

#默认就是安装到/usr/local/ssl
./config --prefix=/usr/local/ssl shared zlib 
make && make install 

#配置库文件搜索路径
echo  "/usr/local/ssl/lib"  >>  /etc/ld.so.conf
ldconfig -v

#安全起见把这两个包拷贝进去
cp /usr/local/ssl/lib/libssl.so.1.0.0 /usr/lib64
cp /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/lib64/


###### Curl
wget https://curl.haxx.se/download/curl-7.51.0.tar.gz
tar zxvf curl-7.51.0.tar.gz
cd curl-7.51.0

#指定SSL安装类目
./configure --prefix=/usr/local/curl --without-nss --with-ssl=/usr/local/ssl
make && make install

#安装后配置(用自己安装的替换系统原来的)
mv /usr/bin/curl /usr/bin/curl.old
ln -s /usr/local/curl/bin/curl /usr/bin/curl

echo  "/usr/local/curl/lib"  >>  /etc/ld.so.conf
ldconfig -v

# 以下操作参考
#mv /usr/lib64/libcurl.so.4.4.0 /usr/lib64/libcurl.so.4.4.0.old
#ln -s /usr/local/curl/lib/libcurl.so.4.4.0 /usr/lib64/libcurl.so.4.4.0