博主有個老RHEL系統，內核2.6.18；ssl不管用了，最簡單的wget也不行，下面編個靜態編譯的新版 curl 用用（不影響yum源，不然的話系統自帶的舊版 OpenSSL 受影響得得不償失），來最優化解決下

首要最重要的一步是選對方案及版本

WolfSSL 通常比 OpenSSL 更容易在老系統上編譯，且WolfSSL 的配置通常更簡單

wolfSSL 2.9.0 + curl 7.36.0 最兼容當前老系統（RHEL 5.8），試錯了好多版本

老系統 scp都不好使了wget https://github.com/wolfSSL/wolfssl/archive/refs/tags/v2.9.0.tar.gzscp -oHostKeyAlgorithms=+ssh-rsa v2.9.0.tar.gz   root@192.168.31.125:/home/wget https://curl.se/download/curl-7.36.0.tar.gzwget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
scp -oHostKeyAlgorithms=+ssh-rsa autoconf-2.69.tar.gz   root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa m4-1.4.19.tar.gz    root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa automake-1.16.5.tar.gz   root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa libtool-2.4.7.tar.gz  root@192.168.31.125:/

其中 wolfSSL 2.9.0 構建需要走autogen.sh 來生成 configure 腳本，且無法執行，報出系統自帶的 Autoconf 工具版本不行，有點舊

[root@localhost wolfssl-2.9.0]#./autogen.sh 
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
configure.ac:19: error: Autoconf version 2.63 or higher is required
configure.ac:19: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal: autom4te failed with exit status: 63
autoreconf: aclocal failed with exit status: 63

重新編譯個,手動升級 Autoconf 和 Automake 工具鏈

# 不要覆蓋系統自帶的 /usr/bin/autoconf 和 /usr/bin/automake，以免破壞系統軟件包的構建。我們將它們安裝到自定義目錄。
# 安裝依賴（如果需要）： 確保已安裝 gcc, make 等。可能還需要 texinfo。
# yum install texinfo#下載并編譯新版本 M4 (Autoconf 的依賴)
wget http://ftp.gnu.org/gnu/m4/m4-1.4.19.tar.gz
tar xzvf m4-1.4.19.tar.gz
cd m4-1.4.19
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH#下載并編譯新版本 Autoconf
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
tar xzvf autoconf-2.69.tar.gz
cd autoconf-2.69
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH#下載并編譯新版本 Automake
wget http://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz
tar xzvf automake-1.16.5.tar.gz
cd automake-1.16.5
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH#下載并編譯新版本 Libtool
wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.7.tar.gz
tar xzvf libtool-2.4.7.tar.gz
cd libtool-2.4.7
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH# 最終可將下面的行添加到 ~/.bashrc 或 /etc/profile 中，以便下次登錄時自動設置路徑：
export PATH=/usr/local/autotools/bin:$PATH

編譯wolfssl

cd wolfssl-2.9.0/
./autogen.sh 
./configure    --enable-static --disable-shared \--prefix=/usr/local/wolfssl \--disable-examples \--disable-async
make 
make install

編譯crul

cd curl-7.36.0./configure   --enable-static --disable-shared  \--prefix=/usr/local/curl     \--without-ssl      \--with-wolfssl=/usr/local/wolfssl  \--without-zlib        \--disable-ldap  \--disable-ldaps
這里不對勁   

[root@localhost curl-7.36.0]#./configure --help | grep -i ssl--with-spnego=DIR       Specify location of SPNEGO library fbopenssl--with-winssl           enable Windows native SSL/TLS--without-winssl        disable Windows native SSL/TLS--with-darwinssl        enable iOS/Mac OS X native SSL/TLS--without-darwinssl     disable iOS/Mac OS X native SSL/TLS--with-ssl=PATH         Where to look for OpenSSL, PATH points to the SSLinstallation (default: /usr/local/ssl); when--without-ssl           disable OpenSSL--with-polarssl=PATH    where to look for PolarSSL, PATH points to the--without-polarssl      disable PolarSSL detection--with-cyassl=PATH      where to look for CyaSSL, PATH points to the--without-cyassl        disable CyaSSL detectionif another SSL engine is selected.

curl 7.36.0 使用的是 --with-cyassl 選項而不是 --with-wolfssl

# 清理之前的編譯
make distclean# 使用正確的配置選項 --with-cyassl
./configure --enable-static --disable-shared \--prefix=/usr/local/curl \--without-ssl \--with-cyassl=/usr/local/wolfssl \LDFLAGS="-L/usr/local/wolfssl/lib" \CPPFLAGS="-I/usr/local/wolfssl/include"# 編譯和安裝
make
make install

驗證

[root@localhost curl-7.36.0]#/usr/local/curl/bin/curl https://example.com -k -I
HTTP/1.1 200 OK
Content-Type: text/html
ETag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
Last-Modified: Mon, 13 Jan 2025 20:11:20 GMT
Cache-Control: max-age=3412
Date: Wed, 27 Aug 2025 00:09:45 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
Connection: keep-alive[root@localhost curl-7.36.0]#/usr/local/curl/bin/curl --version | grep -i ssl
curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 CyaSSL/2.9.0 zlib/1.2.3
Features: IPv6 Largefile SSL libz 
[root@localhost curl-7.36.0]#

試錯歷史腳本

make distclean./configure --enable-all --enable-opensslextra --enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2
make
make install./configure --enable-opensslextra \--enable-all \--enable-tls13 \--enable-alpn \--enable-sni \--enable-curl \--enable-crl \--disable-crl-monitor \--enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2gcc -I/usr/local/wolfssl-5.8.2/include -L/usr/local/wolfssl-5.8.2/lib test_wolfssl.c -lwolfssl -o test_wolfssl -lpthread -lm1029  ls          ./configure --enable-opensslextra \--enable-all \--enable-tls13 \--enable-alpn \--enable-sni \--enable-ecc \--enable-supportedcurves \--enable-session-ticket \--enable-ocsp \--enable-curl \--enable-des3 \--enable-aesgcm \--enable-aesccm \--disable-crl-monitor \--enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2 \CFLAGS="-DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DHAVE_ALPN"./configure --disable-shared \
--enable-static \
--with-wolfssl=/usr/local/wolfssl-5.8.2 \
--prefix=/usr/local/tiny-curl-8.4.0 \
LDFLAGS="-L/usr/local/wolfssl-5.8.2/lib -lwolfssl  -lpthread -lm" \--disable-ldap --disable-ldaps \
CPPFLAGS="-I/usr/local/wolfssl-5.8.2/include -DSHA256_DIGEST_LENGTH=32" \
--verbose

cat > test_wolfssl.c << 'EOF'
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <stdio.h>int main() {printf("WolfSSL test: %s\n", wolfSSL_lib_version());return 0;
}
EOF