作者: reistlin
来源: http://www.reistlin.com/blog/436
更新时间: 2023.05
版权声明: 原创文章.转载请保留作者信息和原文完整.谢绝任何方式的摘要

linux.pngcentos.png

一,升级 CentOS 6 openssl 1.0.2u

查看 CentOS 6 openssl 版本,默认为 1.0.1e
也可以用 yum info openssl 查看 CentOS6 默认版本信息

[reistlin@reistlin ~]$ openssl version  
OpenSSL 1.0.1e-fips 11 Feb 2013

wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz --no-check-certificate
tar zxvf openssl-1.0.2u.tar.gz
cd openssl-1.0.2u
./config
make depend
make
make test
make install

默认安装路径:/usr/local/ssl/bin/openssl

安装完成后再次确认版本,升级成功

[reistlin@reistlin ~]$ openssl version
OpenSSL 1.0.2u  20 Dec 2019

二,安装 libressl 2.7.5

wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.5.tar.gz --no-check-certificate
tar zxvf libressl-2.7.5.tar.gz
cd libressl-2.7.5
./configure --prefix=/usr/local
make
make install

vim /etc/ld.so.conf

/usr/local/lib
/usr/local/lib64

ldconfig -v

三,安装 CentOS 6 Python 3.8.9

wget https://www.python.org/ftp/python/3.8.9/Python-3.8.9.tgz
tar zxvf Python-3.8.9.tgz
cd Python-3.8.9

vim Modules/Setup

取消下面 4 行注释,启用 libressl

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
        -L$(SSL)/lib -lssl -lcrypto

./configure --prefix=/usr/local/python3 --enable-optimizations --with-openssl=/usr/local/ssl/
make
make install

四,解决 CentOS 6 编译安装 Python 3.8.9 openSSL 报错问题:

Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host(). LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

标签: linux, centos