From: pcarana <pc.moreno2099@gmail.com>
Date: Thu, 8 Aug 2019 13:10:05 +0000 (-0500)
Subject: Add OpenSSL >= 1.1 prerequisite, and docs to install on CentOS
X-Git-Tag: v1.0.0^2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f915f7352f8ff96b039f52796c04667088f43976;p=thirdparty%2FFORT-validator.git

Add OpenSSL >= 1.1 prerequisite, and docs to install on CentOS
---

diff --git a/README.md b/README.md
index ef79257a..5d93584d 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ An RPKI Validator and RTR Server.
 
 Dependencies:
 
-1. libcrypto ([LibreSSL](http://www.libressl.org/) or [OpenSSL](https://www.openssl.org/))
+1. libcrypto ([LibreSSL](http://www.libressl.org/) or [OpenSSL](https://www.openssl.org/) >= 1.1)
 2. [jansson](https://github.com/akheron/jansson)
 3. [rsync](http://rsync.samba.org/)
 
diff --git a/configure.ac b/configure.ac
index 833ad861..502db83f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,8 +27,8 @@ AC_CHECK_FUNCS([memset socket])
 AC_SEARCH_LIBS([pthread_create], [pthread], [],
 	[AC_MSG_ERROR([unable to find the pthread() function])]
 )
-AC_SEARCH_LIBS([d2i_X509_bio], [crypto], [],
-	[AC_MSG_ERROR([unable to find the d2i_X509_bio() function])]
+AC_SEARCH_LIBS([X509_get_version], [crypto], [],
+	[AC_MSG_ERROR([unable to find the X509_get_version() function])]
 )
 AC_SEARCH_LIBS([backtrace],[execinfo],[],
 	[AC_MSG_ERROR([unable to find backtrace() function])]
diff --git a/docs/doc/installation.md b/docs/doc/installation.md
index 29be8a44..26a3f518 100644
--- a/docs/doc/installation.md
+++ b/docs/doc/installation.md
@@ -13,16 +13,17 @@ title: Compilation and Installation
 3. [Option 2: Compiling and installing the release tarball](#option-2-compiling-and-installing-the-release-tarball)
 	1. [Debian version](#debian-version)
 	2. [OpenBSD version](#openbsd-version)
+	3. [CentOS version](#centos-version)
 4. [Option 3: Compiling and installing the git repository](#option-3-compiling-and-installing-the-git-repository)
 
 ## Dependencies
 
-> Note: I'm only including this section in case you intend to install Fort in an unlisted OS (and therefore need a little research). For Debians and OpenBSD, just follow the steps in the sections below.
+> Note: I'm only including this section in case you intend to install Fort in an unlisted OS (and therefore need a little research). For Debians, OpenBSD and CentOS, just follow the steps in the sections below.
 
 The dependencies are
 
 1. [jansson](http://www.digip.org/jansson/)
-2. libcrypto (Either [LibreSSL](http://www.libressl.org/) or [OpenSSL](https://www.openssl.org/))
+2. libcrypto (Either [LibreSSL](http://www.libressl.org/) or [OpenSSL](https://www.openssl.org/) >= 1.1)
 3. [rsync](http://rsync.samba.org/)
 
 Fort is currently supported in *64-bit* OS. A 32-bit OS may face the [Year 2038 problem](https://en.wikipedia.org/wiki/Year_2038_problem) when handling dates at certificates, and currently there's no work around for this.
@@ -80,6 +81,56 @@ make install
 exit
 {% endhighlight %}
 
+### CentOS version
+
+This OS requires additional steps due to its GCC supported version (currently 4.8.5, fort needs >= 4.9 to compile) and default OpenSSL version (currently 1.0.2k, fort needs >= 1.1.0).
+
+**Install dependencies**
+
+{% highlight bash %}
+sudo yum install autoconf automake git jansson-devel pkgconfig rsync
+# Install supported GCC to compile OpenSSL
+sudo yum groupinstall "Development Tools"
+{% endhighlight %}
+
+**Upgrade OpenSSL from 1.0.2k to 1.1.0k**
+
+The OpenSSL version must be greater than 1.0, in this case the version 1.1.0k is installed.
+
+{% highlight bash %}
+curl https://www.openssl.org/source/openssl-1.1.0k.tar.gz | tar xvz
+cd openssl-1.1.0k
+./config --prefix=/usr/local --openssldir=/usr/local/openssl
+make
+sudo make install
+# Update library files
+sudo mv libcrypto.so.1.1 libssl.so.1.1 /usr/lib64/
+# Verify installed version
+openssl version
+{% endhighlight %}
+
+**Upgrade GCC**
+
+There are two options to upgrade GCC:
+1. Compile and install a newer version >= 4.9 (slow process).
+2. Use [Software Collections](https://www.softwarecollections.org) (indicated at the following steps).
+
+{% highlight bash %}
+sudo yum install centos-release-scl
+sudo yum install devtoolset-3-gcc
+# Start a session using the upgraded GCC
+scl enable devtoolset-3 bash
+cd ~
+curl -L https://github.com/NICMx/FORT-validator/releases/download/v{{ site.fort-latest-version }}/fort-{{ site.fort-latest-version }}.tar.gz > fort-{{ site.fort-latest-version }}.tar.gz
+tar xvzf fort-{{ site.fort-latest-version }}.tar.gz
+cd fort-{{ site.fort-latest-version }}
+./configure
+make
+sudo make install
+# Close the 'devtoolset' session
+exit
+{% endhighlight %}
+
 ## Option 3: Compiling and installing the git repository
 
 {% highlight bash %}