Skip to content

Instantly share code, notes, and snippets.

@keimoon
Created April 10, 2014 03:57
Show Gist options
  • Save keimoon/10341398 to your computer and use it in GitHub Desktop.
Save keimoon/10341398 to your computer and use it in GitHub Desktop.
OpenSSL Heartbleed patch
#!/usr/bin/env bash
DIR=`dirname $BASH_SOURCE`
test "x`whoami`" != "xroot" && echo "Please run as root" && exit
version=`openssl version`
version=${version:0:14}
test "x$version" == 'xOpenSSL 1.0.1g' && echo "OpenSSL version 1.0.1g is OK!!!" && exit
echo -n "Your OpenSSL version is $version. Are you sure to upgrade to 1.0.1g? [Y/n]: "
read confirm
test "x$confirm" != "xY" && echo "Bye" && exit
echo "Checking openssl in /usr/local/bin"
rebuild="no"
if [ -f "/usr/local/bin/openssl" ]; then
version=`/usr/local/bin/openssl version`
version=${version:0:14}
if [ "x$version" != 'xOpenSSL 1.0.1g' ]; then
rebuild="yes"
fi
else
rebuild="yes"
fi
if [ "x$rebuild" == "xyes" ]; then
echo "Rebuilding OpenSSL"
os=`uname`
if [ "x$os" == "xLinux" ]; then
echo "Downloading OpenSSL 1.0.1g"
if [ -f "openssl-1.0.1g.tar.gz" ]; then
echo "Founded openssl-1.0.1g.tar.gz"
else
wget --no-check-certificate 'https://www.openssl.org/source/openssl-1.0.1g.tar.gz'
test $? -ne 0 && echo "Cannot download openssl-1.0.1g.tar.gz" && exit
fi
echo "Extracting"
tar xzf openssl-1.0.1g.tar.gz
echo "Compiling"
cd openssl-1.0.1g
./config --prefix=/usr/local
make clean
make
make install
elif [ "x$os" == "xFreeBSD" ]; then
echo "Compiling using port"
portsnap fetch update
cd /usr/ports/security/openssl
make reinstall clean
else
echo "Operating system not found" && exit
fi
fi
echo "Rechecking version of OpenSSL"
version=`openssl version`
version=${version:0:14}
if [ "x$version" = "xOpenSSL 1.0.1g" ]; then
echo "OpenSSL version is NOW 1.0.1g!!!"
else
echo "OpenSSL 1.0.1g is installed in /usr/local/ but not is the default"
echo "You should rebuild anything depend on openssl"
echo "Copying default openssl.cnf to /usr/local"
cp /etc/ssl/openssl.cnf /usr/local/openssl
fi
echo "NOTE: You may need to reinstall Apache or Nginx!!!!!"
# Clean up
rm -rf $DIR/openssl*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment