Last active
August 29, 2017 13:09
-
-
Save rafaelszp/9b3ac2399dcdb0356223b1f34c56e54c to your computer and use it in GitHub Desktop.
Update OpenSSL on Centos7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
#Credits to cuibonobo: https://gist.github.com/cuibonobo/f37f723d1ce77f68c5ddf324c8468da3 | |
# You need this for your OpenSSL tests to pass later | |
yum install perl-core | |
# Grab the source for OpenSSL 1.1, which has the patch for CVE-2016-2107 | |
cd /usr/local/src | |
wget https://www.openssl.org/source/openssl-1.1.0b.tar.gz | |
tar -zxf openssl-1.1.0b.tar.gz | |
cd openssl-1.1.0b | |
# Configure for your system and build | |
./config | |
make | |
# Run the tests to make sure there aren't any show-stoppers | |
make test | |
make install | |
# These steps are super questionable and I welcome any better suggestions | |
# Essentially I'm overriding the system's OpenSSL | |
mv /usr/bin/openssl /root/ | |
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl | |
rm /bin/openssl | |
ln -s /usr/local/bin/openssl /bin/openssl | |
# Restart Nginx so that it's aware of the changes (a reload is NOT enough!) | |
systemctl restart nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment