Centos

Compiling curl with openssl gives the wrong openssl version

  • November 9, 2016

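I have found all sorts of answers, but I can't find anything that works for me. I am trying to compile curl with nghttp2 on my CentOS server.

I have it compiled, but my problem is that curl -V shows the wrong openssl version: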

curl 7.51.0-DEV (x86_64-unknown-linux-gnu) libcurl/7.51.0-DEV
OpenSSL/1.0.1e zlib/1.2.3 nghttp2/1.16.0-DEV
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
rtsp smb smbs smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz HTTP2 UnixSockets 

When I run openssl version, it reports:

OpenSSL 1.0.2h  3 May 2016

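Can anyone help me fix this (I am out of my comfort zone here!)? As I understand it, http2 won't work properly because openssl needs to be 1.0.2.

Thanks

Edit

I tried changing my configure to:

./configure  --with-nghttp2=/usr/local --with-ssl=/var/tmp/openssl-1.0.2h \
CPPFLAGS="-I/var/tmp/openssl-1.0.2h/include/openssl" \
LDFLAGS="-L/var/tmp/openssl-1.0.2h"

But now configure does not complete: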

error: one or more libs available at link-time are not available run-time. 
Libs used at link-time: -lnghttp2   -lssl -lcrypto -lz -lrt

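The problem is definitely with the openssl linking, because I can use --without-ssl. I guess my paths must be wrong, but I'm not sure what they should point to?

I think the trick here is that you need to get all three components (OpenSSL, ngHTTP and cURL) to use the newly built OpenSSL. The easiest way is to use an RPATH, which is the -Wl,-rpath,/usr/local/lib shown below.

Build OpenSSL

OpenSSL does not honor CFLAGS, so you need to add -Wl,-rpath,/usr/local/lib to your configure line. It explains things like ec_nistp_64_gcc_128.

See also Compilation and Installation on the OpenSSL wiki.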

$ wget https://www.openssl.org/source/openssl-1.1.0b.tar.gz
$ tar xzf openssl-1.1.0b.tar.gz

$ cd openssl-1.1.0b
$ ./Configure linux-x86_64 shared no-ssl2 no-ssl3 no-comp enable-ec_nistp_64_gcc_128 -Wl,-rpath,/usr/local/lib
Configuring OpenSSL version 1.1.0b (0x0x1010002fL)
***** Deprecated options: no-ssl2
...
SIXTY_FOUR_BIT_LONG mode
Configured for linux-x86_64.

$ make -j 4
...
$ sudo make install
...

$ /usr/local/bin/openssl version
OpenSSL 1.1.0b  26 Sep 2016

$ ldd /usr/local/bin/openssl 
   linux-vdso.so.1 =>  (0x00007ffcd27e0000)
   libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007fe8f8740000)
   libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007fe8f8294000)
   ...

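CFLAGS and CXXFLAGS

Now that the new OpenSSL is available, you need the other components to use it. A slight wrinkle: ngHTTP uses both gcc and g++, so you need to adjust both CFLAGS and CXXFLAGS.

Personally, I would not mess with CPPFLAGS, which are the flags for the C preprocessor. It is the compiler driver's job to pass them to the preprocessor when needed.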

$ export CFLAGS="-I/usr/local/include/ -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lssl -lcrypto"
$ export CXXFLAGS="-I/usr/local/include/ -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lssl -lcrypto"

Build nghttp2

The special item here is setting both CFLAGS and CXXFLAGS.

$ wget https://github.com/nghttp2/nghttp2/releases/download/v1.16.0/nghttp2-1.16.0.tar.gz
$ tar xzf nghttp2-1.16.0.tar.gz
$ cd nghttp2-1.16.0

$ CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" ./configure
...
   Compiler:
     C compiler:     gcc
     CFLAGS:         -I/usr/local/include/ -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lssl -lcrypto
     LDFLAGS:        
     C++ compiler:   g++
     CXXFLAGS:       -I/usr/local/include/ -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lssl -lcrypto
...
   Libs:
     OpenSSL:        yes (CFLAGS='-I/usr/local/include' LIBS='-L/usr/local/lib -lssl -lcrypto')
   ...

$ make -j 4
...
$ sudo make install
...

Libraries have been installed in:
  /usr/local/lib
...

Build cURL

Nothing special here. cURL will also use CFLAGS.

$ wget https://curl.haxx.se/download/curl-7.51.0.tar.gz
$ tar xzf curl-7.51.0.tar.gz

$ cd curl-7.51.0
$ ./configure --help | egrep '(ssl|tls|nghttp2)'
 --enable-tls-srp        Enable TLS-SRP authentication
 --disable-tls-srp       Disable TLS-SRP authentication
 --with-winssl           enable Windows native SSL/TLS
 --without-winssl        disable Windows native SSL/TLS
 --with-darwinssl        enable Apple OS native SSL/TLS
 --without-darwinssl     disable Apple OS native SSL/TLS
 --with-ssl=PATH         Where to look for OpenSSL, PATH points to the SSL
                         installation (default: /usr/local/ssl); when
 --without-ssl           disable OpenSSL
 --with-gnutls=PATH      where to look for GnuTLS, PATH points to the
 --without-gnutls        disable GnuTLS detection
 --with-polarssl=PATH    where to look for PolarSSL, PATH points to the
 --without-polarssl      disable PolarSSL detection
 --with-mbedtls=PATH     where to look for mbedTLS, PATH points to the
 --without-mbedtls       disable mbedTLS detection
 --with-cyassl=PATH      where to look for CyaSSL, PATH points to the
 --without-cyassl        disable CyaSSL detection
 --with-axtls=PATH       Where to look for axTLS, PATH points to the axTLS
 --without-axtls         disable axTLS
 --with-nghttp2=PATH     Enable nghttp2 usage
 --without-nghttp2       Disable nghttp2 usage

$ ./configure --with-ssl=/usr/local --with-nghttp2=/usr/local
checking whether to enable maintainer-specific portions of Makefiles... no
checking whether make supports nested variables... yes
...
checking for egrep... /bin/grep -E
checking for ar... /usr/bin/ar
configure: using CFLAGS: -I/usr/local/include/ -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lssl -lcrypto
...
configure: Configured to build curl/libcurl:

 curl version:     7.51.0
 Host setup:       x86_64-pc-linux-gnu
 Install prefix:   /usr/local
 Compiler:         gcc
 SSL support:      enabled (OpenSSL)
 SSH support:      no      (--with-libssh2)
 zlib support:     no      (--with-zlib)
 GSS-API support:  no      (--with-gssapi)
 TLS-SRP support:  enabled
 resolver:         default (--enable-ares / --enable-threaded-resolver)
 IPv6 support:     enabled
 Unix sockets support: enabled
 IDN support:      no      (--with-{libidn2,winidn})
 Build libcurl:    Shared=yes, Static=yes
 Built-in manual:  enabled
 --libcurl option: enabled (--disable-libcurl-option)
 Verbose errors:   enabled (--disable-verbose)
 SSPI support:     no      (--enable-sspi)
 ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
 ca cert path:     no
 ca fallback:      no
 LDAP support:     no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)
 LDAPS support:    no      (--enable-ldaps)
 RTSP support:     enabled
 RTMP support:     no      (--with-librtmp)
 metalink support: no      (--with-libmetalink)
 PSL support:      no      (libpsl not found)
 HTTP2 support:    enabled (nghttp2)
 Protocols:        DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP

$ make -j 4
...
$ sudo make install
...

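Verify the libraries

After jumping through all the hoops, verify things. Especially important is the RPATH, so you don't have to waste time with LD_LIBRARY_PATH. -Wl,-rpath,/usr/local/lib ensures the path with the correct shared objects is dialed into the executable.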

$ which curl
/usr/local/bin/curl

$ ldd /usr/local/bin/curl
   linux-vdso.so.1 =>  (0x00007ffcd0ffd000)
   libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f86ad8a4000)
   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f86ad4c4000)
   libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x00007f86ad293000)
   libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007f86ad025000)
   libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007f86acb79000)
   /lib64/ld-linux-x86-64.so.2 (0x0000560d3d474000)
   libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f86ac95b000)
   libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f86ac757000)

Finally:

$ /usr/local/bin/curl -V
curl 7.51.0 (x86_64-pc-linux-gnu) libcurl/7.51.0 OpenSSL/1.1.0b nghttp2/1.16.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP HTTP2 UnixSockets 

You can clean up with:

$ cd ..
$ rm -rf curl-7.51.0* nghttp2-1.16.0* openssl-1.1.0b*
...

Quoted from: https://unix.stackexchange.com/questions/318139
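The ldd check in the answer can be automated so that a build which silently falls back to the distribution's older OpenSSL at run time is caught before deployment. The following is an added example, not part of the original question or answer; the function name check_ldd_prefix, the sample function names, and the /usr/lib64 paths and .so.10 sonames in the stale sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer).
# check_ldd_prefix PREFIX LIB... reads `ldd` output on stdin and returns 0 only
# if every named library is present and resolves to a path under PREFIX.
check_ldd_prefix() {
    prefix=$1; shift
    awk -v prefix="$prefix" -v watch="$*" '
        BEGIN { n = split(watch, w, " ") }
        $2 == "=>" {
            for (i = 1; i <= n; i++) {
                if (index($1, w[i] ".so") != 1) continue   # e.g. libssl.so.1.1
                seen[w[i]] = 1
                if ($3 == "not") {                   # "=> not found"
                    print "MISSING " $1; bad = 1
                } else if (index($3, prefix "/") == 1) {
                    print "OK " $1 " -> " $3
                } else {                             # resolved outside PREFIX
                    print "WRONG " $1 " -> " $3; bad = 1
                }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print "ABSENT " w[i]; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the relevant lines of the ldd output shown in the answer.
sample_good() {
cat <<'EOF'
   libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f86ad8a4000)
   libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x00007f86ad293000)
   libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007f86ad025000)
   libcrypto.so.1.1 => /usr/local/lib/libcrypto.so.1.1 (0x00007f86acb79000)
EOF
}

# Constructed sample: a build that picks up the system OpenSSL at run time
# (the /usr/lib64 paths and .so.10 sonames are assumptions).
sample_stale() {
cat <<'EOF'
   libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f86ad8a4000)
   libnghttp2.so.14 => /usr/local/lib/libnghttp2.so.14 (0x00007f86ad293000)
   libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f86ad025000)
   libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f86acb79000)
EOF
}

WATCH="libcurl libnghttp2 libssl libcrypto"
sample_good  | check_ldd_prefix /usr/local/lib $WATCH >/dev/null && echo "good sample: pass"
sample_stale | check_ldd_prefix /usr/local/lib $WATCH || echo "stale sample: mismatch"
# Real use: ldd /usr/local/bin/curl | check_ldd_prefix /usr/local/lib $WATCH
```

A non-zero exit status makes the check usable as a gate in a build or provisioning script.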