Installation manual for OpenSSL, GnuTLS and WolfSSL
😄 @Author sizaif
📆2021-05-18 09:19:35
OpenSSL
Install dependencies
# Install the SSL dependency libraries
sudo apt update
sudo apt-get install libssl-dev make
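Download the source and enter the directory
https://www.openssl.org/source/old/1.1.1/
# Download the source for the OpenSSL version you need
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz
# Then enter the extracted directory
cd openssl-XXX/
Build and install
There are two ways to build and install.
The first is to build without installing, that is, without putting the built files into the system environment; running openssl version still shows the same version as before.
The second is to build and then install, replacing the version in the system environment.
Option 1, build only: use this version of openssl through /openssl-xxx/apps/openssl.
The advantage is that you can quickly test several OpenSSL versions without updating the installation each time.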
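# Configure the build: prefix is the install directory, openssldir is the configuration file directory
#
# Configure --prefix=/YOUR PATH
# In 1.1.1, Configure needs an explicit target; ./config detects it for you
./Configure linux-x86_64
# or
./config
# ./config --prefix=/YOUR PATH
# Build
# We do not need to install here, only to run the build result,
# so make install is not needed
make
Option 2, build and install: the openssl command then runs the newly installed version directly.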
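# Build; this takes quite a while, so use the time to get a cup of tea or visit the restroom
make
# When the build finishes, install; this also takes a while, so go watch a short video
#
sudo make install
# Back up the old openssl binary
sudo mv /usr/bin/openssl /usr/bin/openssl.old
# Symlink the new openssl binary
sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
# Enter the etc directory
cd /etc/
# You must switch to the root user for the next step
su
# Add the OpenSSL library path to the linker configuration
echo "/usr/local/lib" >> ld.so.conf
# Reload the configuration
ldconfig
# Check the version; the result looks like this
openssl version
>OpenSSL 1.1.1b 26 Feb 2019
# Check the installed files
ls -l /usr/local/include/
ls -l /usr/local/lib/
# Result as follows
# To switch versions, change the symlink, for example:
# Back up the old headers
sudo mv /usr/include/openssl /usr/include/openssl.old
# Symlink the new headers
sudo ln -s /usr/local/include/openssl /usr/include/openssl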
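The swap above leaves two things to confirm: that the openssl now answering on the PATH is the new build, and that it loads the libssl/libcrypto under /usr/local/lib rather than the distribution's copies (the 1.1.1 tool appends "(Library: ...)" to its version line when the two differ). The following is an added example, not part of the original manual; classify_version and libs_outside are hypothetical helper names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks after swapping
# the system openssl for a self-built one. Function names are hypothetical.

# classify_version LINE EXPECTED: interprets one line of `openssl version`.
#   ok        the binary reports EXPECTED and the library matches it
#   mismatch  line carries "(Library: ...)": binary and loaded library differ
#   stale     some other version answered, e.g. the old binary is still first
classify_version() {
    line=$1; expected=$2
    case $line in
        *"(Library: "*) echo mismatch; return 1 ;;
    esac
    set -- $line                      # $2 becomes the version field, e.g. 1.1.1j
    if [ "$1" = "OpenSSL" ] && [ "$2" = "$expected" ]; then
        echo ok
    else
        echo stale; return 1
    fi
}

# libs_outside PREFIX: reads `ldd` output on stdin and prints every libssl or
# libcrypto entry that does not resolve under PREFIX; returns 1 if any did not.
libs_outside() {
    awk -v prefix="$1" '
    $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
        if ($3 == "not") { print $1 " not found"; bad = 1 }
        else if (index($3, prefix "/") != 1) { print $3; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input; on a real host use "$(openssl version)" and
# ldd "$(command -v openssl)" instead.
classify_version "OpenSSL 1.1.1j  16 Feb 2021 (Library: OpenSSL 1.1.1f  31 Mar 2020)" 1.1.1j || true
printf '%s\n' \
  ' libssl.so.1.1 => /usr/local/lib/libssl.so.1.1 (0x00007f0000000000)' \
  ' libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0000400000)' |
  libs_outside /usr/local/lib || true
```

Both functions return non-zero on a problem, so they can gate a test run that is supposed to exercise one specific OpenSSL build.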
GnuTLS
Project page: https://www.gnutls.org/index.html
Install dependencies
Debian/Ubuntu:
apt-get install -y dash git-core autoconf libtool gettext autopoint
apt-get install -y automake autogen nettle-dev libp11-kit-dev libtspi-dev libunistring-dev
apt-get install -y guile-2.0-dev libtasn1-6-dev libidn2-0-dev gawk gperf
apt-get install -y libunbound-dev dns-root-data bison help2man gtk-doc-tools
apt-get install -y texinfo texlive texlive-generic-recommended texlive-extra-utils
apt-get install pkg-config
Build and install
Explanation:
The GnuTLS Guile bindings are available for the Guile 3.0 and 2.2 series, as well as the legacy 2.0 and even 1.8 series.
By default they are installed under the GnuTLS installation directory, typically /usr/local/share/guile/site/). Normally Guile will not find the module there without help. You may experience something like this:
> $ guile
> …
> scheme@(guile-user)> (use-modules (gnutls))
> ERROR: no code for module (gnutls)
There are two ways to solve this. The first is to make sure that when building GnuTLS, the Guile bindings will be installed in the same place where Guile looks. You may do this by using the --with-guile-site-dir parameter as follows:
> $ ./configure --with-guile-site-dir=no
The command is as follows
# --with-guile-site-dir=no: when building GnuTLS, the Guile bindings are installed in the same place as Guile; see the explanation above
# Only GnuTLS itself needs to be tested here, so the following command is used
# Adjust it to your actual situation
./configure --with-guile-site-dir=no --with-included-libtasn1 --with-included-unistring --without-p11-kit --disable-guile --disable-doc
./configure output
configure: summary of build options:
version: 3.6.7 shared 53:2:23
Host/Target system: x86_64-pc-linux-gnu
Build system: x86_64-pc-linux-gnu
Install prefix: /usr/local
Compiler: gcc
Valgrind: no
CFlags: -g -O2
Library types: Shared=yes, Static=no
Local libopts: yes
Local libtasn1: yes
Local unistring: yes
Use nettle-mini: no
Documentation: no (manpages: no)
configure: External hardware support:
/dev/crypto: no
Hardware accel: x86-64
Padlock accel: yes
Random gen. variant: getrandom
PKCS#11 support: no
TPM support: no
configure: Optional features:
(note that included applications might not compile properly
if features are disabled)
SSL3.0 support: no
SSL2.0 client hello: yes
Allow SHA1 sign: no
DTLS-SRTP support: yes
ALPN support: yes
OCSP support: yes
SRP support: yes
PSK support: yes
DHE support: yes
ECDHE support: yes
GOST support: yes
Anon auth support: yes
Heartbeat support: yes
IDNA support: no
Non-SuiteB curves: no
FIPS140 mode: no
configure: Optional libraries:
Guile wrappers: no
C++ library: yes
DANE library: no
OpenSSL compat: no
configure: System files:
Trust store pkcs11:
Trust store dir:
Trust store file: /etc/ssl/certs/ca-certificates.crt
Blacklist file:
CRL file:
Priority file: /etc/gnutls/default-priorities
DNSSEC root key file: /etc/unbound/root.key
configure: WARNING:
***
*** The DNSSEC root key file in /etc/unbound/root.key was not found.
*** This file is needed for the verification of DNSSEC responses.
*** Use the command: unbound-anchor -a "/etc/unbound/root.key"
*** to generate or update it.
***
Install
As with OpenSSL, there are two ways: make only, or make && make install
# Build
make
# After the build, the gnutls-cli, gnutls-cli-debug and gnutls-serv executables are in the src directory
# Check the version
$root@380xxx:/xxx/gnutls-3.6.7# ./src/gnutls-serv -v
gnutls-serv 3.6.7
Copyright (C) 2000-2019 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>
Please send bug reports to: <bugs@gnutls.org>
########################################################################################
# To install, run make install
make install
# Header files are created in /usr/local/include/gnutls
# and the gnutls-cli, gnutls-cli-debug and gnutls-serv executables in /usr/local/bin/
# Check the version
$root@380xxx:/xxx/gnutls-3.6.7# /usr/local/bin/gnutls-serv -v
gnutls-serv 3.6.7
Copyright (C) 2000-2019 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>
Please send bug reports to: <bugs@gnutls.org>
WolfSSL
https://github.com/wolfSSL/wolfssl
Download the source
https://www.wolfssl.com/download/ # download manually
Build and install
./configure
# ./configure --help
./configure --enable-psk --enable-pwdbased --enable-rsa --enable-sha --enable-debug --disable-dh --disable-ecc C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK
Result
Configuration summary for wolfssl version 4.7.0
* Installation prefix: /usr/local
* System type: pc-linux-gnu
* Host CPU: x86_64
* C Compiler: gcc
* C Flags: -DWOLFSSL_STATIC_PSK -g -ggdb -O0 -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv
* C++ Compiler:
* C++ Flags:
* CPP Flags:
* CCAS Flags: -DWOLFSSL_STATIC_PSK
* LIB Flags: -pie -z relro -z now
* Debug enabled: yes
* Coverage enabled:
* Warnings as failure: no
* make -j: 9
* VCS checkout: no
Features
* FIPS: no
* Single threaded: no
* Filesystem: yes
* OpenSSH Build: no
* OpenSSL Extra API: no
* OpenSSL Coexist: no
* Old Names: yes
* Max Strength Build: no
* Distro Build: no
* Reproducible Build: no
* fastmath: yes
* Assembly Allowed: yes
* sniffer: no
* snifftest: no
* ARC4: no
* AES: yes
* AES-NI: no
* AES-CBC: yes
* AES-GCM: yes
* AES-CCM: no
* AES-CTR: no
* AES-CFB: no
* AES-OFB: no
* DES3: no
* IDEA: no
* Camellia: no
* NULL Cipher: no
* MD2: no
* MD4: no
* MD5: yes
* RIPEMD: no
* SHA: yes
* SHA-224: yes
* SHA-384: yes
* SHA-512: yes
* SHA3: yes
* SHAKE256: yes
* BLAKE2: no
* BLAKE2S: no
* CMAC: no
* keygen: no
* certgen: no
* certreq: no
* certext: no
* certgencache: no
* HC-128: no
* RABBIT: no
* CHACHA: yes
* XCHACHA: no
* Hash DRBG: yes
* PWDBASED: yes
* scrypt: no
* wolfCrypt Only: no
* HKDF: yes
* X9.63 KDF: no
* MD4: no
* PSK: yes
* Poly1305: yes
* LEANPSK: no
* LEANTLS: no
* RSA: yes
* RSA-PSS: yes
* DSA: no
* DH: no
* DH Default Parameters: yes
* ECC: no
* ECC Custom Curves no
* ECC Minimum Bits 224
* CURVE25519: no
* ED25519: no
* CURVE448: no
* ED448: no
* FPECC: no
* ECC_ENCRYPT: no
* ASN: yes
* Anonymous cipher: no
* CODING: yes
* MEMORY: yes
* I/O POOL: no
* LIGHTY: no
* HAPROXY: no
* STUNNEL: no
* Apache httpd: no
* NGINX: no
* ASIO: no
* LIBWEBSOCKETS: no
* Qt no
* Qt Unit Testing no
* SIGNAL: no
* ERROR_STRINGS: yes
* DTLS: no
* SCTP: no
* Indefinite Length: no
* Multicast: no
* SSL v3.0 (Old): no
* TLS v1.0 (Old): no
* TLS v1.1 (Old): yes
* TLS v1.2: yes
* TLS v1.3: yes
* Post-handshake Auth: no
* Early Data: no
* Send State in HRR Cookie: no
* OCSP: no
* OCSP Stapling: no
* OCSP Stapling v2: no
* CRL: no
* CRL-MONITOR: no
* Persistent session cache: no
* Persistent cert cache: no
* Atomic User Record Layer: no
* Public Key Callbacks: no
* NTRU: no
* QSH: no
* Whitewood netRandom: no
* Server Name Indication: no
* ALPN: no
* Maximum Fragment Length: no
* Trusted CA Indication: no
* Truncated HMAC: no
* Supported Elliptic Curves: no
* FFDHE only in client: no
* Session Ticket: no
* Extended Master Secret: yes
* Renegotiation Indication: no
* Secure Renegotiation: no
* Fallback SCSV: no
* Keying Material Exporter: no
* All TLS Extensions: no
* PKCS#7 no
* S/MIME no
* wolfSSH no
* wolfTPM no
* wolfSCEP no
* Secure Remote Password no
* Small Stack: no
* Linux Kernel Module: no
* valgrind unit tests: no
* LIBZ: no
* Examples: yes
* Crypt tests: yes
* Stack sizes in tests: no
* Heap stats in tests: no
* User Crypto: no
* Fast RSA: no
* Single Precision: no
* SP math implementation: no
* Async Crypto: no
* PKCS#11: no
* PKCS#12: yes
* Cavium Nitrox: no
* Cavium Octeon (Sync): no
* Intel Quick Assist: no
* ARM ASM: no
* AES Key Wrap: no
* Write duplicate: no
* Xilinx Hardware Acc.: no
* Inline Code: yes
* Linux AF_ALG: no
* Linux devcrypto: no
* Crypto callbacks: no
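Both configure summaries above record which protocol versions and algorithms ended up compiled in, which makes them the quickest place to see whether a test build still carries legacy features. The script below is an added example, not part of the original manual or of either project; the LEGACY list and the audit_summary name are this example's own choices, and the sample rows are copied from the GnuTLS 3.6.7 and wolfSSL 4.7.0 output on this page.

```shell
#!/bin/sh
# Added example: list legacy features that a configure summary reports as enabled.
# LEGACY is this example's own selection, not a list defined by GnuTLS or wolfSSL.
LEGACY='SSL3.0 support;SSL2.0 client hello;Allow SHA1 sign;Anon auth support'
LEGACY="$LEGACY;SSL v3.0 (Old);TLS v1.0 (Old);TLS v1.1 (Old);ARC4;DES3"
LEGACY="$LEGACY;NULL Cipher;MD2;MD4;MD5;Anonymous cipher"

# Reads a summary on stdin, prints each legacy feature whose value is "yes"
# (one per line) and returns 1 if any was found, 0 otherwise.
audit_summary() {
    awk -v legacy="$LEGACY" '
    BEGIN { n = split(legacy, names, ";"); for (i = 1; i <= n; i++) want[names[i]] = 1 }
    {
        line = $0
        sub(/^[ \t]*\*?[ \t]*/, "", line)           # drop indent and the wolfSSL "* " bullet
        if (line !~ /[ \t:](yes|no)[ \t]*$/) next   # keep only yes/no rows
        value = line
        sub(/[ \t]*$/, "", value)
        sub(/^.*[ \t:]/, "", value)                 # text after the last space or colon
        name = line
        sub(/:?[ \t]*(yes|no)[ \t]*$/, "", name)    # text before the value
        if ((name in want) && value == "yes") { print name; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Rows copied from the two summaries on this page (GnuTLS 3.6.7, wolfSSL 4.7.0).
audit_summary <<'EOF' || echo "legacy features are enabled in this build"
  SSL3.0 support: no
  SSL2.0 client hello: yes
  Anon auth support: yes
  * MD5: yes
  * ECC Custom Curves no
  * TLS v1.0 (Old): no
  * TLS v1.1 (Old): yes
EOF
```

On a real build, pipe the configure output into the function, for example `./configure ... 2>&1 | audit_summary`.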
make
# If you hit the error "'aclocal-1.15' is missing on your system",
# run autoreconf -f -i first, then ./configure, then make
## Install, as above
sudo make install
# To test the build, run the testsuite program from the root wolfSSL directory:
./testsuite/testsuite.test
# or use autoconf to run the testsuite as well as the standard wolfSSL API and crypto tests:
make test
############################
# If there is no configure script, use cmake
# Install cmake
sudo apt-get install cmake
# Usage:
mkdir build && cd build
cmake ..
cmake --build .
Running the result
The server and client programs are in /examples/ under the root directory.