I am using centos 7.2, I will intall Nginx-CT,and it needs OpenSSL 1.0.2,the current version is as follow:
[root@i001 ~]# rpm -qa|grep openssl
openssl-libs-1.0.1e-51.el7_2.4.x86_64
openssl-devel-1.0.1e-51.el7_2.4.x86_64
openssl-1.0.1e-51.el7_2.4.x86_64
I tried to download SRPM package in fedora repertory,
openssl-1.0.2d-2.fc23.src.rpm
rebuild it and install, but there is something wrong,
[root@i001 ~]# yum update openssl
Loaded plugins: axelget, langpacks
No metadata available for base
No metadata available for dockerrepo
No metadata available for elrepo
No metadata available for epel
No metadata available for extras
No metadata available for local
No metadata available for mariadb
No metadata available for nginx
No metadata available for remi-php70
No metadata available for remi-php70-test
No metadata available for remi-safe
No metadata available for salt-2015.8
No metadata available for updates
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-51.el7_2.4 will be updated
---> Package openssl.x86_64 1:1.0.2d-2.el7.centos will be an update
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2d-2.el7.centos for package: 1:openssl-1.0.2d-2.el7.centos.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: 1:openssl-1.0.2d-2.el7.centos.x86_64
--> Running transaction check
---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.4 will be updated
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-51.el7_2.4 for package: 1:openssl-devel-1.0.1e-51.el7_2.4.x86_64
---> Package openssl-libs.x86_64 1:1.0.2d-2.el7.centos will be an update
--> Processing Dependency: crypto-policies for package: 1:openssl-libs-1.0.2d-2.el7.centos.x86_64
--> Running transaction check
---> Package openssl-devel.x86_64 1:1.0.1e-51.el7_2.4 will be updated
---> Package openssl-devel.x86_64 1:1.0.2d-2.el7.centos will be an update
---> Package openssl-libs.x86_64 1:1.0.2d-2.el7.centos will be an update
--> Processing Dependency: crypto-policies for package: 1:openssl-libs-1.0.2d-2.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: 1:openssl-libs-1.0.2d-2.el7.centos.x86_64 (local)
Requires: crypto-policies
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
What should I do?
Best Answer
First, let me say that garethTheRed and Bratchley are right in that the package of OpenSSL you're trying to install is not supported on CentOS, and doing so is not recommended. Trying to do this could cause problems on your system.
If you absolutely must have this installed... As I understand it, you're trying to install nginx-ct, which requires OpenSSL 1.0.2 or higher because of its need for
SSL_CTX_add_server_custom_ext
andSSL_CTX_set_signed_cert_timestamp_list
.Using yum
Using packages from other unsupported repos for your system is a bad idea, as pointed out by others. From the looks of your yum output, it's complaining about a dependency on the crypto-policies package (required by openssl-libs-1.0.2d-2). You could try to install the crypto-policies package (also from the Fedora 23 repo) first.
Compiling from source
As Bratchley pointed out in this comment, you can try to compile nginx with a specific version of OpenSSL from source. Here are the updated starting commands from that tutorial:
The rest of the commands in that tutorial should be able to be followed as-is.
A last alternative
Alternatively, you could try to use BoringSSL, since nginx-ct supports that, though it seems you would have to build it from source.