Re: Compile opensslß1.1.1k on CentOS8
halmurray+openssl at sonic.net
Tue Jun 8 09:23:26 UTC 2021
janjust at nikhef.nl said:
> As you found out, it is nearly impossible to swap out the existing openssl
> 1.1.1g with a "stock" openssl version, as RedHat/CentOS have applied patches
> to it. My advice would be: don't even try. If you *have to* use openssl
> 1.1.1k, then switch to Fedora or to Ubuntu (not the LTS releases). But keep
> in mind: - debian 10 uses openssl 1.1.1d - ubuntu seems to be at openssl
> 1.1.1j etc.
There are two cases. One is where you want to replace the system libraries so
that all the installed programs that use libssl will now use your new version.
I agree doing that is crazy. That's what distros are for.
But if you are working on a program and you want that one program to use a new
version, that's not so hard. The trick is to install your new version of
openssl in /usr/local/ (or wherever). Then you have to patch the build recipe
for your program to look there. This is how you would get your program ready
for 3.0.0 or get a program that needs TLS1.3 to work on a distro that is stuck
in the dark ages.
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared
to build and install OpenSSL, then, for waf:
ctx.env.INCLUDES = ["/usr/local/ssl/include"]
ctx.env.LIBPATH = ["/usr/local/ssl/lib"]
I don't remember where I found that config line.
These are my opinions. I hate spam.
More information about the openssl-users