目的
編譯新版本 tls 用於 wget, curl 工具
下載地址
nettle-3.6
gnutls-3.6.13 需要 nettle 依賴
oepnssl-1.1.1g (可選)
wget2-1.99
wge-1.20t
cur-7.70
編譯
nettle
編譯方法
./configure --prefix=/usr/local/nettle --disable-openssl --enable-shared --enable-mini-gmp
make
make install
定義庫位置
echo /usr/local/nettle/lib64/ > /etc/ld.so.conf.d/nettle.conf
ldconfig
檢查方法 (默認報錯)
# pkg-config --modversion nettle
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc'
to the PKG_CONFIG_PATH environment variable
No package 'nettle' found
解決辦法
# export PKG_CONFIG_PATH=":/usr/local/nettle/lib64/pkgconfig/"
# pkg-config --modversion nettle
3.6
openssl
# ./config --prefix=/usr/local/openssl -fPIC
# make
# maek install
gnutls
編譯
# ./configure --prefix=/usr/local/gnutls --with-nettle-mini --without-p11-kit
version: 3.6.13 shared 57:0:27
Host/Target system: x86_64-pc-linux-gnu
Build system: x86_64-pc-linux-gnu
Install prefix: /usr/local/gnutls
Compiler: gcc -std=gnu99
Valgrind: no
CFlags: -g -O2
Library types: Shared=yes, Static=no
Local libopts: yes
Local libtasn1: no
Local unistring: no
Use nettle-mini: yes
Documentation: yes (manpages: yes)
configure: External hardware support:
/dev/crypto: no
Hardware accel: x86-64
Padlock accel: yes
Random gen. variant: auto-detect
PKCS#11 support: yes
TPM support: yes
configure:
TPM library: /usr/lib64/libtspi.so.1
configure: Optional features:
(note that included applications might not compile properly
if features are disabled)
SSL3.0 support: no
SSL2.0 client hello: yes
Allow SHA1 sign: no
DTLS-SRTP support: yes
ALPN support: yes
OCSP support: yes
SRP support: yes
PSK support: yes
DHE support: yes
ECDHE support: yes
GOST support: yes
Anon auth support: yes
Heartbeat support: yes
IDNA support: IDNA 2008 (libidn2)
Non-SuiteB curves: yes
FIPS140 mode: no
Strict DER time: yes
configure: Optional libraries:
Guile wrappers: yes
C++ library: yes
DANE library: yes
OpenSSL compat: no
configure: System files:
Trust store pkcs11:
Trust store dir:
Trust store file: /etc/pki/tls/cert.pem
Blacklist file:
CRL file:
Configuration file: /etc/gnutls/config
DNSSEC root key file: /var/lib/unbound/root.key
# make
# make install
常見錯誤1
configure: error:
***
*** Libnettle 3.4.1 was not found.
解決
# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/nettle/lib64/pkgconfig/
# pkg-config --modversion nettle
3.6
常見錯誤2
configure: error:
***
*** Libtasn1 4.9 was not found. To use the included one, use --with-included-libtasn1
解決方法
# yum install -y libtasn1-devel.x86_64
常見錯誤3
configure: error:
***
*** Libunistring was not found. To use the included one, use --with-included-unistring
解決方法
# yum install -y libunistring-devel.x86_64
常見錯誤4
configure: WARNING:
***
*** libunbound was not found. Libdane will not be built.
***
checking for P11_KIT... no
configure: error:
***
*** p11-kit >= 0.23.1 was not found. To disable PKCS #11 support
*** use --without-p11-kit, otherwise you may get p11-kit from
*** https://p11-glue.freedesktop.org/p11-kit.html
解決方法
# yum install -y unbound-devel.x86_64
# yum install -y p11-kit-devel.x86_64
常見問題5
***
*** Detecting GNU Guile...
checking for guile-snarf... no
configure: WARNING: `guile-snarf' from Guile not found. Guile bindings not built.
checking that generated files are newer than configure... done
checking for tss library... no
configure: WARNING:
***
*** trousers was not found. TPM support will be disabled.
***
解決方法
# yum install -y trousers-devel.x86_64
常見問題6
checking for autogen... no
configure: WARNING:
***
*** autogen not found. Will not link against system libopts.
***
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
解決方法
# yum install -y autogen
常見問題7
checking for library containing idn2_lookup_u8... no
configure: WARNING: *** LIBIDN2 was not found. You will not be able to use IDN2008 support
解決方法
yum install -y libidn2-devel.x86_64
常見問題8
checking whether building Guile bindings... yes
***
*** Detecting GNU Guile...
checking for guile-snarf... no
解決方法
yum install -y guile-devel.x86_64
常見問題9
pkcs11_privkey.c: In function '_gnutls_pkcs11_privkey_sign':
pkcs11_privkey.c:335:32: error: storage size of 'rsa_pss_params' isn't known
struct ck_rsa_pkcs_pss_params rsa_pss_params;
^
pkcs11_privkey.c:335:32: warning: unused variable 'rsa_pss_params' [-Wunused-variable]
make[4]: *** [pkcs11_privkey.lo] Error 1
make[4]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/gnutls-3.6.11.1'
make: *** [all] Error 2
解決方法
--without-p11-kit 編譯時候忽略該功能
wget
# ./configure --with-ssl=gnutls --prefix=/usr/local/wget
# make
# make install
常見問題
checking for libgnutls... no
configure: error: GnuTLS has not been found. Use --with-ssl=openssl if you explicitly want OpenSSL.
解決方法:
# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/nettle/lib64/pkgconfig/
# pkg-config --modversion nettle
3.6
重新編譯即通過
# ./configure --with-ssl=gnutls --prefix=/usr/local/wget
checking for GNUTLS... yes
configure: compiling in support for SSL via GnuTLS
Version: 1.20
Host OS: linux-gnu
Install prefix: /usr/local
Compiler: gcc -std=gnu11
CFlags: -I/usr/local/gnutls/include -I/usr/local/nettle/include -DHAVE_LIBGNUTLS -DNDEBUG
LDFlags:
Libs: -lpcre -lidn2 -L/usr/local/gnutls/lib -lgnutls -lz
SSL: gnutls
Zlib: yes
PSL: no
PCRE: yes, via libpcre
Digest: yes
NTLM: auto
OPIE: yes
POSIX xattr: yes
Debugging: yes
Assertions: no
Valgrind: Valgrind testing not enabled
Metalink: no
Resolver: libc, --bind-dns-address and --dns-servers not available
GPGME: no
IRI: yes
Fuzzing build: no,
curl
這個編譯比較特殊
# CPPFLAGS="-I/usr/local/nettle/include" LDFLAGS="-L/usr/local/nettle/lib64" ./configure --with-gnutls=/usr/local/gnutls --prefix=/usr/local/curl --with-ssl=/usr/local/openssl
# make
# make install
編譯時需手動定義 nettle 庫文件及頭文件位置, 否則報錯
configure: error: GnuTLS found, but neither gcrypt nor nettle found