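I have an old RHEL system running kernel 2.6.18; SSL no longer works on it, and even the simplest wget fails. Below I build a statically compiled newer curl to use instead (this leaves the yum repositories unaffected; otherwise the system's bundled old OpenSSL would be affected, which would do more harm than good), as the cleanest way to solve the problem.
The first and most important step is choosing the right approach and versions.
WolfSSL is usually easier than OpenSSL to compile on old systems, and its configuration is usually simpler.
wolfSSL 2.9.0 + curl 7.36.0 is the combination most compatible with this old system (RHEL 5.8); I went through many versions by trial and error.
Even scp no longer works properly with the old system
wget https://github.com/wolfSSL/wolfssl/archive/refs/tags/v2.9.0.tar.gz
scp -oHostKeyAlgorithms=+ssh-rsa v2.9.0.tar.gz root@192.168.31.125:/home/
wget https://curl.se/download/curl-7.36.0.tar.gz
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz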
scp -oHostKeyAlgorithms=+ssh-rsa autoconf-2.69.tar.gz root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa m4-1.4.19.tar.gz root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa automake-1.16.5.tar.gz root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa libtool-2.4.7.tar.gz root@192.168.31.125:/
Building wolfSSL 2.9.0 requires running autogen.sh to generate the configure script, but it fails to run and reports that the system's bundled Autoconf version is too old
[root@localhost wolfssl-2.9.0]#./autogen.sh
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
configure.ac:19: error: Autoconf version 2.63 or higher is required
configure.ac:19: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal: autom4te failed with exit status: 63
autoreconf: aclocal failed with exit status: 63
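Build a newer one: manually upgrade the Autoconf and Automake toolchain
# Do not overwrite the system's own /usr/bin/autoconf and /usr/bin/automake, so that building system packages is not broken. We install the new tools into a custom directory.
# Install dependencies (if needed): make sure gcc, make, etc. are installed. texinfo may also be needed.
# yum install texinfo
# Download and build a newer M4 (a dependency of Autoconf)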
wget http://ftp.gnu.org/gnu/m4/m4-1.4.19.tar.gz
tar xzvf m4-1.4.19.tar.gz
cd m4-1.4.19
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH
# Download and build a newer Autoconf
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
tar xzvf autoconf-2.69.tar.gz
cd autoconf-2.69
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH
# Download and build a newer Automake
wget http://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz
tar xzvf automake-1.16.5.tar.gz
cd automake-1.16.5
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH
# Download and build a newer Libtool
wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.7.tar.gz
tar xzvf libtool-2.4.7.tar.gz
cd libtool-2.4.7
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH
# Finally, the line below can be added to ~/.bashrc or /etc/profile so that the path is set automatically at the next login:
export PATH=/usr/local/autotools/bin:$PATH
Build wolfSSL
cd wolfssl-2.9.0/
./autogen.sh
./configure --enable-static --disable-shared \
--prefix=/usr/local/wolfssl \
--disable-examples \
--disable-async
make
make install
Build curl
cd curl-7.36.0
./configure --enable-static --disable-shared \
--prefix=/usr/local/curl \
--without-ssl \
--with-wolfssl=/usr/local/wolfssl \
--without-zlib \
--disable-ldap \
--disable-ldaps
Something is off here
[root@localhost curl-7.36.0]#./configure --help | grep -i ssl
--with-spnego=DIR Specify location of SPNEGO library fbopenssl
--with-winssl enable Windows native SSL/TLS
--without-winssl disable Windows native SSL/TLS
--with-darwinssl enable iOS/Mac OS X native SSL/TLS
--without-darwinssl disable iOS/Mac OS X native SSL/TLS
--with-ssl=PATH Where to look for OpenSSL, PATH points to the SSL
installation (default: /usr/local/ssl); when
--without-ssl disable OpenSSL
--with-polarssl=PATH where to look for PolarSSL, PATH points to the
--without-polarssl disable PolarSSL detection
--with-cyassl=PATH where to look for CyaSSL, PATH points to the
--without-cyassl disable CyaSSL detection
if another SSL engine is selected.
curl 7.36.0 uses the --with-cyassl option rather than --with-wolfssl
# Clean up the previous build
make distclean
# Use the correct configure option, --with-cyassl
./configure --enable-static --disable-shared \
--prefix=/usr/local/curl \
--without-ssl \
--with-cyassl=/usr/local/wolfssl \
LDFLAGS="-L/usr/local/wolfssl/lib" \
CPPFLAGS="-I/usr/local/wolfssl/include"
# Build and install
make
make install
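Verify (-k skips certificate verification, so this confirms only that the TLS handshake and the request succeed)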
[root@localhost curl-7.36.0]#/usr/local/curl/bin/curl https://example.com -k -I
HTTP/1.1 200 OK
Content-Type: text/html
ETag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
Last-Modified: Mon, 13 Jan 2025 20:11:20 GMT
Cache-Control: max-age=3412
Date: Wed, 27 Aug 2025 00:09:45 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
Connection: keep-alive
[root@localhost curl-7.36.0]#/usr/local/curl/bin/curl --version | grep -i ssl
curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 CyaSSL/2.9.0 zlib/1.2.3
Features: IPv6 Largefile SSL libz
[root@localhost curl-7.36.0]#
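The two checks that mattered above (which configure flag this curl tree actually offers, and which TLS library the finished binary reports) can be scripted. This is an added example, not part of the original post; the helper names tls_flag_for and tls_backend_of are hypothetical, and the HELP_NEWER text is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the configure flag this curl source tree offers for wolfSSL/CyaSSL.
# $1 = text of `./configure --help`; returns 1 if neither flag is offered.
tls_flag_for() {
    for flag in --with-wolfssl --with-cyassl; do
        # Match the flag as a whole option: followed by "=", space or end of line.
        if printf '%s\n' "$1" |
            grep -Eq -- "(^|[[:space:]])${flag}(=|[[:space:]]|\$)"; then
            printf '%s\n' "$flag"
            return 0
        fi
    done
    return 1
}

# Print the TLS library token from the first line of `curl --version`.
# $1 = text of `curl --version`; prints nothing if no TLS library is listed.
tls_backend_of() {
    printf '%s\n' "$1" | head -n 1 | tr ' ' '\n' |
        grep -Ei '^(cyassl|wolfssl|openssl|gnutls|nss|polarssl)/' | head -n 1
}

# Lines taken from the post's `./configure --help | grep -i ssl` output.
HELP_7_36='--with-ssl=PATH Where to look for OpenSSL, PATH points to the SSL
--without-ssl disable OpenSSL
--with-cyassl=PATH where to look for CyaSSL, PATH points to the
--without-cyassl disable CyaSSL detection'

# Constructed sample: help text of a later curl that offers --with-wolfssl.
HELP_NEWER='--with-openssl=PATH (constructed sample line)
--with-wolfssl=PATH (constructed sample line)'

# Version output as shown in the post's verification step.
VERSION_OUT='curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 CyaSSL/2.9.0 zlib/1.2.3
Features: IPv6 Largefile SSL libz'

echo "curl 7.36.0 flag: $(tls_flag_for "$HELP_7_36")"
echo "newer curl flag:  $(tls_flag_for "$HELP_NEWER")"
echo "linked backend:   $(tls_backend_of "$VERSION_OUT")"
```

In a real source tree, call it as tls_flag_for "$(./configure --help)" before configuring, and tls_backend_of "$(/usr/local/curl/bin/curl --version)" after installing.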
Trial-and-error history scripts
make distclean
./configure --enable-all --enable-opensslextra --enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2
make
make install
./configure --enable-opensslextra \
--enable-all \
--enable-tls13 \
--enable-alpn \
--enable-sni \
--enable-curl \
--enable-crl \
--disable-crl-monitor \
--enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2
gcc -I/usr/local/wolfssl-5.8.2/include -L/usr/local/wolfssl-5.8.2/lib test_wolfssl.c -lwolfssl -o test_wolfssl -lpthread -lm
ls
./configure --enable-opensslextra \
--enable-all \
--enable-tls13 \
--enable-alpn \
--enable-sni \
--enable-ecc \
--enable-supportedcurves \
--enable-session-ticket \
--enable-ocsp \
--enable-curl \
--enable-des3 \
--enable-aesgcm \
--enable-aesccm \
--disable-crl-monitor \
--enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2 \
CFLAGS="-DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DHAVE_ALPN"
./configure --disable-shared \
--enable-static \
--with-wolfssl=/usr/local/wolfssl-5.8.2 \
--prefix=/usr/local/tiny-curl-8.4.0 \
LDFLAGS="-L/usr/local/wolfssl-5.8.2/lib -lwolfssl -lpthread -lm" \
--disable-ldap --disable-ldaps \
CPPFLAGS="-I/usr/local/wolfssl-5.8.2/include -DSHA256_DIGEST_LENGTH=32" \
--verbose
cat > test_wolfssl.c << 'EOF'
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <stdio.h>
int main() {
    printf("WolfSSL test: %s\n", wolfSSL_lib_version());
    return 0;
}
EOF