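I have an old RHEL system running kernel 2.6.18. SSL no longer works on it, and even the simplest wget fails. The cleanest fix is to build a newer, statically linked curl. This leaves the yum repositories and the old system OpenSSL untouched; interfering with them would cost more than it gains.

The first and most important step is choosing the right approach and versions.

wolfSSL is usually easier than OpenSSL to compile on old systems, and its configuration is usually simpler.

wolfSSL 2.9.0 + curl 7.36.0 is the combination most compatible with this old system (RHEL 5.8); I went through a lot of versions by trial and error to find it.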
```bash
# scp to the old system does not work out of the box any more either;
# the legacy ssh-rsa host key algorithm has to be re-enabled for the copy.
wget https://github.com/wolfSSL/wolfssl/archive/refs/tags/v2.9.0.tar.gz
scp -oHostKeyAlgorithms=+ssh-rsa v2.9.0.tar.gz root@192.168.31.125:/home/
wget https://curl.se/download/curl-7.36.0.tar.gz
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
scp -oHostKeyAlgorithms=+ssh-rsa autoconf-2.69.tar.gz root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa m4-1.4.19.tar.gz root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa automake-1.16.5.tar.gz root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa libtool-2.4.7.tar.gz root@192.168.31.125:/
```
Building wolfSSL 2.9.0 requires running autogen.sh to generate the configure script, but that fails: it reports that the Autoconf shipped with the system is too old.

```bash
[root@localhost wolfssl-2.9.0]# ./autogen.sh
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
configure.ac:19: error: Autoconf version 2.63 or higher is required
configure.ac:19: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal: autom4te failed with exit status: 63
autoreconf: aclocal failed with exit status: 63
```
So build a new one: upgrade the Autoconf and Automake toolchain by hand.

```bash
# Do not overwrite the system's /usr/bin/autoconf and /usr/bin/automake, so that
# builds of system packages keep working. Install into a custom directory instead.
# Install dependencies if needed: make sure gcc, make, etc. are present. texinfo may also be required.
# yum install texinfo
# These are plain-HTTP downloads; check each tarball against the .sig file
# published next to it before building.

# Download and build a newer M4 (a dependency of Autoconf)
wget http://ftp.gnu.org/gnu/m4/m4-1.4.19.tar.gz
tar xzvf m4-1.4.19.tar.gz
cd m4-1.4.19
./configure --prefix=/usr/local/autotools
make
sudo make install
cd ..
# Put the new tools first in PATH so the following builds pick them up
export PATH=/usr/local/autotools/bin:$PATH

# Download and build a newer Autoconf
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
tar xzvf autoconf-2.69.tar.gz
cd autoconf-2.69
./configure --prefix=/usr/local/autotools
make
sudo make install
cd ..

# Download and build a newer Automake
wget http://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz
tar xzvf automake-1.16.5.tar.gz
cd automake-1.16.5
./configure --prefix=/usr/local/autotools
make
sudo make install
cd ..

# Download and build a newer Libtool
wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.7.tar.gz
tar xzvf libtool-2.4.7.tar.gz
cd libtool-2.4.7
./configure --prefix=/usr/local/autotools
make
sudo make install
cd ..

# Finally, the line below can be added to ~/.bashrc or /etc/profile so the path is set on the next login:
export PATH=/usr/local/autotools/bin:$PATH
```
Build wolfSSL:

```bash
cd wolfssl-2.9.0/
./autogen.sh
./configure --enable-static --disable-shared \
  --prefix=/usr/local/wolfssl \
  --disable-examples \
  --disable-async
make
make install
```
Build curl:

```bash
cd curl-7.36.0
./configure --enable-static --disable-shared \
  --prefix=/usr/local/curl \
  --without-ssl \
  --with-wolfssl=/usr/local/wolfssl \
  --without-zlib \
  --disable-ldap \
  --disable-ldaps
```
Something is wrong here:

```bash
[root@localhost curl-7.36.0]# ./configure --help | grep -i ssl
--with-spnego=DIR Specify location of SPNEGO library fbopenssl
--with-winssl enable Windows native SSL/TLS
--without-winssl disable Windows native SSL/TLS
--with-darwinssl enable iOS/Mac OS X native SSL/TLS
--without-darwinssl disable iOS/Mac OS X native SSL/TLS
--with-ssl=PATH Where to look for OpenSSL, PATH points to the SSL
installation (default: /usr/local/ssl); when
--without-ssl disable OpenSSL
--with-polarssl=PATH where to look for PolarSSL, PATH points to the
--without-polarssl disable PolarSSL detection
--with-cyassl=PATH where to look for CyaSSL, PATH points to the
--without-cyassl disable CyaSSL detection
if another SSL engine is selected.
```
curl 7.36.0 uses the `--with-cyassl` option rather than `--with-wolfssl` (CyaSSL is wolfSSL's former name).

```bash
# Clean up the previous build
make distclean
# Use the correct configure option, --with-cyassl
./configure --enable-static --disable-shared \
  --prefix=/usr/local/curl \
  --without-ssl \
  --with-cyassl=/usr/local/wolfssl \
  LDFLAGS="-L/usr/local/wolfssl/lib" \
  CPPFLAGS="-I/usr/local/wolfssl/include"
# Build and install
make
make install
```
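The mismatch above is easy to miss because an Autoconf-generated configure only warns about a `--with-*` option it does not know and then carries on. As an added example (not part of the original post), this script picks the spelling a given curl release supports from its `--help` text and extracts any ignored options from configure's output. The function names `pick_tls_flag` and `ignored_options`, and the `HELP_NEWER` and `CONFIGURE_OUT` samples, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pick the configure option for a
# wolfSSL/CyaSSL backend from `./configure --help`, and list ignored options.

# Excerpt of the curl 7.36.0 help output shown on this page.
HELP_7_36='  --with-ssl=PATH         Where to look for OpenSSL, PATH points to the SSL
  --without-ssl           disable OpenSSL
  --with-polarssl=PATH    where to look for PolarSSL, PATH points to the
  --with-cyassl=PATH      where to look for CyaSSL, PATH points to the
  --without-cyassl        disable CyaSSL detection'

# Constructed sample: help text of a release that spells the option wolfssl.
HELP_NEWER='  --with-wolfssl=PATH     where to look for wolfSSL'

# Constructed sample: the warning an Autoconf-generated configure prints for
# an option it does not know, before carrying on with the build setup.
CONFIGURE_OUT='configure: WARNING: unrecognized options: --with-wolfssl
checking build system type... x86_64-unknown-linux-gnu'

# pick_tls_flag HELP_TEXT PREFIX
# Prints "--with-<name>=PREFIX" for the spelling this configure supports;
# returns 1 when neither spelling is offered.
pick_tls_flag() {
    for name in wolfssl cyassl; do
        if printf '%s\n' "$1" | grep -q -e "--with-$name="; then
            printf '%s\n' "--with-$name=$2"
            return 0
        fi
    done
    echo "configure offers neither --with-wolfssl nor --with-cyassl" >&2
    return 1
}

# ignored_options CONFIGURE_OUTPUT
# Prints the options configure warned about and silently skipped.
ignored_options() {
    printf '%s\n' "$1" | sed -n 's/^configure: WARNING: unrecognized options: //p'
}

pick_tls_flag "$HELP_7_36" /usr/local/wolfssl
```

In the source tree it would be called as `pick_tls_flag "$(./configure --help)" /usr/local/wolfssl`.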
Verify (note that `-k` turns off certificate verification, so this confirms only that the TLS handshake and the HTTP request succeed):

```bash
[root@localhost curl-7.36.0]# /usr/local/curl/bin/curl https://example.com -k -I
HTTP/1.1 200 OK
Content-Type: text/html
ETag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
Last-Modified: Mon, 13 Jan 2025 20:11:20 GMT
Cache-Control: max-age=3412
Date: Wed, 27 Aug 2025 00:09:45 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
Connection: keep-alive
[root@localhost curl-7.36.0]# /usr/local/curl/bin/curl --version | grep -i ssl
curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 CyaSSL/2.9.0 zlib/1.2.3
Features: IPv6 Largefile SSL libz
[root@localhost curl-7.36.0]#
```
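A build configured with `--without-ssl` and a TLS option that configure ignored still compiles, so the `--version` check is the step that catches it. As an added example (not part of the original post), this script turns that check into a pass/fail gate; the function names and the `NO_TLS` sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): gate a build on the TLS backend
# that `curl --version` reports.

# Output copied from the verification step on this page.
GOOD='curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 CyaSSL/2.9.0 zlib/1.2.3
Features: IPv6 Largefile SSL libz'

# Constructed sample: what a build configured without any TLS library reports.
NO_TLS='curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 zlib/1.2.3
Features: IPv6 Largefile libz'

# tls_backend VERSION_TEXT
# Prints the "Name/version" token for wolfSSL or CyaSSL from the first line.
tls_backend() {
    printf '%s\n' "$1" | sed -n '1p' | tr ' ' '\n' |
        grep -i -E '^(wolfssl|cyassl)/' | head -n 1
}

# has_ssl_feature VERSION_TEXT
# Succeeds only if the Features line lists SSL as a whole word.
has_ssl_feature() {
    printf '%s\n' "$1" | grep '^Features:' | tr ' ' '\n' | grep -q -x 'SSL'
}

# check_curl_tls VERSION_TEXT EXPECTED_BACKEND
# Returns 0 when the binary links the expected backend and advertises SSL.
check_curl_tls() {
    backend=$(tls_backend "$1")
    if [ "$backend" != "$2" ]; then
        echo "TLS backend is '${backend:-none}', expected '$2'" >&2
        return 1
    fi
    has_ssl_feature "$1" || { echo "SSL missing from Features" >&2; return 1; }
}

check_curl_tls "$GOOD" "CyaSSL/2.9.0" && echo "TLS backend OK"
```

On the host it would be called as `check_curl_tls "$(/usr/local/curl/bin/curl --version)" CyaSSL/2.9.0`. To test certificate validation as well, repeat the request without `-k` and point `--cacert` at a current CA bundle.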

Trial-and-error history (commands from the attempts that did not work out):

```bash
# wolfSSL 5.8.2 attempts
make distclean
./configure --enable-all --enable-opensslextra --enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2
make
make install
./configure --enable-opensslextra \
  --enable-all \
  --enable-tls13 \
  --enable-alpn \
  --enable-sni \
  --enable-curl \
  --enable-crl \
  --disable-crl-monitor \
  --enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2
gcc -I/usr/local/wolfssl-5.8.2/include -L/usr/local/wolfssl-5.8.2/lib test_wolfssl.c -lwolfssl -o test_wolfssl -lpthread -lm
./configure --enable-opensslextra \
  --enable-all \
  --enable-tls13 \
  --enable-alpn \
  --enable-sni \
  --enable-ecc \
  --enable-supportedcurves \
  --enable-session-ticket \
  --enable-ocsp \
  --enable-curl \
  --enable-des3 \
  --enable-aesgcm \
  --enable-aesccm \
  --disable-crl-monitor \
  --enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2 \
  CFLAGS="-DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DHAVE_ALPN"

# tiny-curl 8.4.0 attempt against wolfSSL 5.8.2
./configure --disable-shared \
  --enable-static \
  --with-wolfssl=/usr/local/wolfssl-5.8.2 \
  --prefix=/usr/local/tiny-curl-8.4.0 \
  LDFLAGS="-L/usr/local/wolfssl-5.8.2/lib -lwolfssl -lpthread -lm" \
  --disable-ldap --disable-ldaps \
  CPPFLAGS="-I/usr/local/wolfssl-5.8.2/include -DSHA256_DIGEST_LENGTH=32" \
  --verbose

# Minimal program used to check that the wolfSSL library links
cat > test_wolfssl.c << 'EOF'
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <stdio.h>
int main() {
    printf("WolfSSL test: %s\n", wolfSSL_lib_version());
    return 0;
}
EOF
```