如何更新服务器上的SSL组件,使其无法在SSL上实际下载包
如何更新服务器上的SSL组件,使其无法在SSL上实际下载包
提问于 2022-02-18 17:50:29
看上去好像是第22条。将服务器更新到更新版本是不可能的。我只需将Apache更新为特定的(旧版本)。
服务器是CentOS 6.3。基本回购是过时的,我必须更新它使用保险库回购。但是,它需要HTTPS,并且在更新repo之后,每当我尝试运行yum时,我都会得到:
https://vault.centos.org/centos/6/os/i386/repodata/repomd.xml:造成ssl连接的问题
显然,我需要更新一下百胜,openssl等等.但是,当我无法通过yum下载软件包时,我该如何做呢?有办法避免手工构建这些包吗?
以下是CentOS-Base.repo:(注意:将这些更改为http似乎不起作用)
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
baseurl=https://vault.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=https://vault.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=https://vault.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=https://vault.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=https://vault.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6回答 3
Unix & Linux用户
回答已采纳
发布于 2022-02-18 19:47:45
通过手动安装所有更新的包,我成功地实现了yum的功能。
首先,我从CentOS 6.10保险库下载了这些包-是的,我故意在6.3服务器上使用6.10:(注意,回购很糟糕,我不得不多次重试这些命令)
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/yum-3.2.29-81.el6.centos.noarch.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/yum-plugin-fastestmirror-1.1.30-41.el6.noarch.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/yum-utils-1.1.30-41.el6.noarch.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/yum-metadata-parser-1.1.2-16.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/openssl-1.0.1e-57.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/openssl-devel-1.0.1e-57.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/openssl-perl-1.0.1e-57.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/openssl-static-1.0.1e-57.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/curl-7.19.7-53.el6_9.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/libcurl-7.19.7-53.el6_9.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/libcurl-devel-7.19.7-53.el6_9.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/python-urlgrabber-3.9.1-11.el6.noarch.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nss-3.36.0-8.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nss-util-3.36.0-1.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nss-tools-3.36.0-8.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nss-sysinit-3.36.0-8.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nss-softokn-3.14.3-23.3.el6_8.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nss-softokn-freebl-3.14.3-23.3.el6_8.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/nspr-4.19.0-1.el6.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/p11-kit-0.18.5-2.el6_5.2.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/p11-kit-trust-0.18.5-2.el6_5.2.i686.rpm
wget --no-check-certificate https://vault.centos.org/centos/6.10/os/i386/Packages/ca-certificates-2018.2.22-65.1.el6.noarch.rpm然后我安装了这些软件包:
rpm -Uvh openssl*.rpm
rpm -Uvh ns*.rpm
rpm -Uvh *curl*.rpm
rpm -Uvh python-urlgrabber-3.9.1-11.el6.noarch.rpm
rpm -Uvh yum*.rpm
rpm -Uvh p11*.rpm
rpm -Uvh ca-certificates-2018.2.22-65.1.el6.noarch.rpm如果对已经安装的包有任何警告,那么将--force添加到rpm命令中。
最后,我运行了yum clean all,然后运行了yum install httpd,所有这些都恢复了正常工作。安装了Apache的最新修补程序级别。
上面可能不需要其中的一些包。这取决于系统上已经安装了什么。例如,如果没有安装openssl-perl.i686,就不要安装它,否则就需要安装Perl依赖项。
Unix & Linux用户
发布于 2022-02-18 18:25:57
我也遇到过同样的问题,经过这么多的尝试和错误之后,Webserver的Docker才是解决方案。我建议不要尝试只更新Apache。有那么多的依赖,最终会让你绝望。
(我知道这应该出现在评论部分,但我很少有口碑来评论一个问题。)
Unix & Linux用户
发布于 2022-02-18 21:03:10
生命的终结意味着他们已经放弃了修复安全漏洞的尝试--让这台机器暴露会给您的服务和网络上的其他人带来风险。即使那个网络是互联网。
有时升级不是一个可行的选择--如果确实如此,您应该在当前平台上运行代理的专用网络上结束此服务器。巧合的是,这也解决了服务器端SSL的问题,因为只有代理可以连接,而代理本身可以向客户端提供当前协议。
代理客户端SSL连接要复杂一些--您需要使用SSL (Squid可以配置为这样做)。
页面原文内容由Unix & Linux提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://unix.stackexchange.com/questions/691247
复制相关文章
相似问题
腾讯云开发者
