How to compile and install GnuTLS 3.5.11

May 9, 2017, by Amon

Check the current version:

gnutls-cli -v

Uninstall the older version:

If gnutls was installed via yum/rpm, uninstall it first:

rpm -e --nodeps gnutls
rpm -e --nodeps gnutls-devel

Compile and install from the source tarball:

Latest version: GnuTLS 3.5.11 (2017-04-7)
Verified working: GnuTLS 3.5.11

Official site: http://gnutls.org/
Download: http://gnutls.org/download.html

Reference: http://gnutls.org/manual/gnutls.html
Reference: http://linuxfromscratch.org/blfs/view/svn/postlfs/gnutls.html (GnuTLS-3.5.11)

Install nettle: https://amon.org/nettle
Install p11-kit: https://amon.org/p11-kit
Install libtasn1: https://amon.org/libtasn1
Install libgmp: https://amon.org/gmplib

wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.11.tar.xz && xz -d gnutls-3.5.11.tar.xz && tar -xvf gnutls-3.5.11.tar && cd gnutls-3.5.11
export NETTLE_CFLAGS="-I/usr/include/nettle" NETTLE_LIBS="-L/usr/lib64 -lnettle" HOGWEED_CFLAGS="-I/usr/include/nettle" HOGWEED_LIBS="-L/usr/lib64 -lhogweed" P11_KIT_CFLAGS="-I/usr/include/p11-kit-1/p11-kit" P11_KIT_LIBS="-L/usr/lib -lp11-kit" LIBTASN1_CFLAGS="-I/usr/include" LIBTASN1_LIBS="-L/usr/lib -ltasn1" GMP_CFLAGS="-I/usr/local/include" GMP_LIBS="-L/usr/local/lib -lgmp"
./configure --prefix=/usr --with-default-trust-store-file=/etc/ssl/ca-bundle.crt --enable-gtk-doc --enable-openssl-compatibility --enable-local-libopts --with-included-unistring

Configuration summary:

configure: summary of build options:

  version:              3.5.11 shared 44:2:14
  Host/Target system:   x86_64-pc-linux-gnu
  Build system:         x86_64-pc-linux-gnu
  Install prefix:       /usr
  Compiler:             gcc -std=gnu99
  Valgrind:             no
  CFlags:               -g -O2
  Library types:        Shared=yes, Static=no
  Local libopts:        yes
  Local libtasn1:       no
  Local unistring:      yes
  Use nettle-mini:      no
  Documentation:        yes (manpages: yes)

configure: External hardware support:

  /dev/crypto:          no
  Hardware accel:       x86-64
  Padlock accel:        yes
  Random gen. variant:  auto-detect
  PKCS#11 support:      yes
  TPM support:          yes

configure:
  TPM library:          /usr/lib64/libtspi.so.1

configure: Optional features:
(note that included applications might not compile properly
if features are disabled)

  SSL3.0 support:       yes
  SSL2.0 client hello:  yes
  DTLS-SRTP support:    yes
  ALPN support:         yes
  OCSP support:         yes
  Ses. ticket support:  yes
  OpenPGP support:      yes
  SRP support:          yes
  PSK support:          yes
  DHE support:          yes
  ECDHE support:        yes
  Anon auth support:    yes
  Heartbeat support:    yes
  IDNA support:         IDNA 2003 (libidn)
  Self checks:          no
  Non-SuiteB curves:    yes
  FIPS140 mode:         no

configure: Optional libraries:

  Guile wrappers:       yes
  C++ library:          yes
  DANE library:         yes
  OpenSSL compat:       yes

configure: System files:

  Trust store pkcs11:
  Trust store dir:
  Trust store file:     /etc/ssl/ca-bundle.crt
  Blacklist file:
  CRL file:
  Priority file:        /etc/gnutls/default-priorities
  DNSSEC root key file: /var/lib/unbound/root.key
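
The summary above shows SSL 3.0, the SSLv2-format client hello and anonymous authentication all compiled in. As an added example (not part of the original post), this shell function reads a configure summary and flags those three; the watch list and the name audit_summary are this example's own choices, and the sample lines are copied from the summary above.

```shell
# Lines copied from the "Optional features" part of the summary above.
SAMPLE_SUMMARY='  SSL3.0 support:       yes
  SSL2.0 client hello:  yes
  ALPN support:         yes
  Anon auth support:    yes
  Heartbeat support:    yes
  FIPS140 mode:         no'

# usage: audit_summary < summary.txt
# Prints one WARN line per watched feature that is enabled; returns 1 if any.
audit_summary() {
    awk -F': *' '
        BEGIN {
            # Watch list chosen for this example, not taken from GnuTLS.
            why["SSL3.0 support"]      = "SSL 3.0 is deprecated (RFC 7568)"
            why["SSL2.0 client hello"] = "RFC 6176 forbids clients from sending the SSLv2-format hello"
            why["Anon auth support"]   = "anonymous key exchange does not authenticate the peer"
        }
        {
            key = $1
            sub(/^[ \t]+/, "", key)            # drop the indentation
            if ((key in why) && $2 ~ /^yes/) {
                printf "WARN %s: %s\n", key, why[key]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Run against the sample; a real run would pipe the saved configure output in.
printf '%s\n' "$SAMPLE_SUMMARY" | audit_summary || echo "review the features flagged above"
```

In the 3.5.x configure script the matching switches are --disable-ssl3-support, --disable-ssl2-support and --disable-anon-authentication; confirm them against ./configure --help for your tarball.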

Then run make:

make

Error:

./../pkcs11_int.h:27:28: fatal error: p11-kit/pkcs11.h: No such file or directory
 #include <p11-kit/pkcs11.h>

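The file was not found: the source includes <p11-kit/pkcs11.h>, but P11_KIT_CFLAGS above points at /usr/include/p11-kit-1/p11-kit, one directory too deep for that include to resolve. Copying the headers into the source tree works around it: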

cp -R /usr/include/p11-kit-1/p11-kit /root/gnutls-3.5.11/lib/p11-kit

Re-running make succeeds; continue with make install:

make install

Output:

...
Libraries have been installed in:
   /usr/lib
...
Libraries have been installed in:
   /usr/lib/guile/2.0
...
make[1]: Leaving directory `/root/sni/gnutls-3.5.8'

Update the system dynamic linker configuration:

echo /usr/lib >> /etc/ld.so.conf && ldconfig

Compilation and installation are complete.

Relevant paths:

/usr/include/gnutls/gnutls.h
/usr/lib/libgnutls.so.30.8.1

Note: mod_gnutls must be recompiled before the new version takes effect in Apache.

Reference: https://amon.org/mod_gnutls

Check the version

Check the version (shell):

gnutls-cli -v

Output:

gnutls-cli 3.5.11
Copyright (C) 2000-2017 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  <bugs@gnutls.org>

Error: p11_kit_uri_get_pin_value

../lib/.libs/libgnutls.so: undefined reference to `p11_kit_uri_get_pin_value'

You are compiling with a newer library than the one you are linking with.
Most likely you have both versions of the libraries available but your
flags to linker are not correct.

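The system has two versions of p11-kit installed, and the older one, which does not support the newer gnutls, is the one being used. Remove the older version, then compile and install the newer p11-kit.

Reference: https://amon.org/p11-kit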
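
One way to spot this situation before building, as an added example that is not part of the original post: the function below reads `ldconfig -p` output and reports a library that the linker cache lists in more than one directory for the same ABI. The name dup_lib_dirs and the sample cache lines are constructed for illustration.

```shell
# Constructed sample in `ldconfig -p` format: the same p11-kit soname
# registered from two directories for one ABI, plus an unrelated library.
SAMPLE_CACHE='    libp11-kit.so.0 (libc6,x86-64) => /usr/lib64/libp11-kit.so.0
    libp11-kit.so.0 (libc6,x86-64) => /usr/lib/libp11-kit.so.0
    libnettle.so.6 (libc6,x86-64) => /usr/lib64/libnettle.so.6'

# usage: ldconfig -p | dup_lib_dirs libp11-kit
# Prints "<abi tag> <dir> <dir> ..." and returns 1 when the library stem is
# cached from more than one directory for the same ABI; returns 0 otherwise.
dup_lib_dirs() {
    awk -v stem="$1" '
        index($1, stem ".so") == 1 && $(NF-1) == "=>" {
            dir = $NF
            sub(/\/[^\/]*$/, "", dir)          # strip the file name
            key = $2 SUBSEP dir                # $2 is the first token of the ABI tag
            if (!(key in seen)) {
                seen[key] = 1
                count[$2]++
                dirs[$2] = dirs[$2] " " dir
            }
        }
        END {
            for (abi in count)
                if (count[abi] > 1) { print abi dirs[abi]; bad = 1 }
            exit bad + 0
        }
    '
}

# Run against the sample; on a real host pipe `ldconfig -p` in instead.
printf '%s\n' "$SAMPLE_CACHE" | dup_lib_dirs libp11-kit \
    || echo "libp11-kit is cached from more than one directory"
```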

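Error: sys_getrandom

This error occurs during make. Possible fixes are discussed at https://amon.org/sys_getrandom ; there is no solution so far.

Compile and install from git:

Attempted without success.

Download: https://gitlab.com/gnutls/gnutls

Install the dependency packages: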

yum install git autoconf libtool automake autogen autogen-libopts-devel trousers-devel guile-devel libidn-devel gawk gperf git2cl libtasn1-tools unbound-devel help2man gtk-doc texinfo texlive valgrind libasan libasan-static libubsan nodejs softhsm datefudge lcov dieharder mbedtls-utils abi-compliance-checker libcmocka-devel socat

Start the build:

git clone https://gitlab.com/gnutls/gnutls.git && cd gnutls
git submodule update --init
autoreconf -i && automake && autoconf
export NETTLE_CFLAGS="-I/usr/include/nettle" NETTLE_LIBS="-L/usr/lib64 -lnettle" HOGWEED_CFLAGS="-I/usr/include/nettle" HOGWEED_LIBS="-L/usr/lib64 -lhogweed" P11_KIT_CFLAGS="-I/usr/include/p11-kit-1/p11-kit" P11_KIT_LIBS="-L/usr/lib -lp11-kit" LIBTASN1_CFLAGS="-I/usr/include" LIBTASN1_LIBS="-L/usr/lib -ltasn1" GMP_CFLAGS="-I/usr/local/include" GMP_LIBS="-L/usr/local/lib -lgmp"
./configure --prefix=/usr --with-default-trust-store-file=/etc/ssl/ca-bundle.crt --enable-gtk-doc --enable-openssl-compatibility --enable-local-libopts
make bootstrap
make
make check
make install

Error: asn1_der_decoding2

In file included from common.c:34:0:
./common.h: In function '_asn1_strict_der_decode':
./common.h:259:2: warning: implicit declaration of function 'asn1_der_decoding2' [-Wimplicit-function-declaration]

Recompile libtasn1.

Reference: https://amon.org/libtasn1

Error: sha256_ctx

struct sha256_ctx' has no member named 'count'

Reference: https://dev.openwrt.org/changeset/41263

Recompile nettle.

Reference: https://amon.org/nettle

Error: pkcs11_int.h

./../pkcs11_int.h:27:28: fatal error: p11-kit/pkcs11.h: No such file or directory
 #include <p11-kit/pkcs11.h>

Whether the header is missing or simply not found, copy it over:

cp -R /usr/include/p11-kit-1/p11-kit /root/gnutls/lib/p11-kit

This approach turned out to work.
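
The pkcs11_int.h error appears in both the tarball and the git build with the same P11_KIT_CFLAGS value. As an added example (not part of the original post), this check models how `#include <p11-kit/pkcs11.h>` is looked up under each -I directory; the function names and the temporary directory tree are constructed for illustration, and only -I directories are modelled, not the compiler's built-in search path.

```shell
# usage: resolve_header <header> <cflag>...
# Prints the first file that "#include <header>" would resolve to among the
# given -I flags and returns 0; returns 1 if no include directory has it.
resolve_header() {
    header=$1
    shift
    for flag in "$@"; do
        case $flag in
            -I?*)
                if [ -f "${flag#-I}/$header" ]; then
                    printf '%s\n' "${flag#-I}/$header"
                    return 0
                fi
                ;;
        esac
    done
    return 1
}

# Constructed tree with the layout seen on this page: the header lives at
# <root>/usr/include/p11-kit-1/p11-kit/pkcs11.h
make_demo_tree() {
    demo_root=$(mktemp -d) || return 1
    mkdir -p "$demo_root/usr/include/p11-kit-1/p11-kit"
    : > "$demo_root/usr/include/p11-kit-1/p11-kit/pkcs11.h"
    printf '%s\n' "$demo_root"
}

root=$(make_demo_tree)
# The value exported on this page: one level too deep, so the lookup fails.
resolve_header p11-kit/pkcs11.h "-I$root/usr/include/p11-kit-1/p11-kit" \
    || echo "not found with -I.../p11-kit-1/p11-kit"
# Pointing at the parent directory resolves the include without copying files.
resolve_header p11-kit/pkcs11.h "-I$root/usr/include/p11-kit-1" \
    || echo "not found with -I.../p11-kit-1"
rm -rf "$root"
```

On a system with the p11-kit development files installed, `pkg-config --cflags p11-kit-1` prints the include flag to use for P11_KIT_CFLAGS.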

Reference: http://www.gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html

