博主有个老RHEL系统，内核2.6.18；ssl不管用了，最简单的wget也不行，下面编个静态编译的新版 curl 用用（不影响yum源，不然的话系统自带的旧版 OpenSSL 受影响得得不偿失），来最优化解决下

首要最重要的一步是选对方案及版本

WolfSSL 通常比 OpenSSL 更容易在老系统上编译，且WolfSSL 的配置通常更简单

wolfSSL 2.9.0 + curl 7.36.0 最兼容当前老系统（RHEL 5.8），试错了好多版本

老系统 scp都不好使了wget https://github.com/wolfSSL/wolfssl/archive/refs/tags/v2.9.0.tar.gzscp -oHostKeyAlgorithms=+ssh-rsa v2.9.0.tar.gz   root@192.168.31.125:/home/wget https://curl.se/download/curl-7.36.0.tar.gzwget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
scp -oHostKeyAlgorithms=+ssh-rsa autoconf-2.69.tar.gz   root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa m4-1.4.19.tar.gz    root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa automake-1.16.5.tar.gz   root@192.168.31.125:/
scp -oHostKeyAlgorithms=+ssh-rsa libtool-2.4.7.tar.gz  root@192.168.31.125:/

其中 wolfSSL 2.9.0 构建需要走autogen.sh 来生成 configure 脚本，且无法执行，报出系统自带的 Autoconf 工具版本不行，有点旧

[root@localhost wolfssl-2.9.0]#./autogen.sh 
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
configure.ac:19: error: Autoconf version 2.63 or higher is required
configure.ac:19: the top level
autom4te: /usr/bin/m4 failed with exit status: 63
aclocal: autom4te failed with exit status: 63
autoreconf: aclocal failed with exit status: 63

重新编译个,手动升级 Autoconf 和 Automake 工具链

# 不要覆盖系统自带的 /usr/bin/autoconf 和 /usr/bin/automake，以免破坏系统软件包的构建。我们将它们安装到自定义目录。
# 安装依赖（如果需要）： 确保已安装 gcc, make 等。可能还需要 texinfo。
# yum install texinfo#下载并编译新版本 M4 (Autoconf 的依赖)
wget http://ftp.gnu.org/gnu/m4/m4-1.4.19.tar.gz
tar xzvf m4-1.4.19.tar.gz
cd m4-1.4.19
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH#下载并编译新版本 Autoconf
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz
tar xzvf autoconf-2.69.tar.gz
cd autoconf-2.69
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH#下载并编译新版本 Automake
wget http://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz
tar xzvf automake-1.16.5.tar.gz
cd automake-1.16.5
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH#下载并编译新版本 Libtool
wget http://ftp.gnu.org/gnu/libtool/libtool-2.4.7.tar.gz
tar xzvf libtool-2.4.7.tar.gz
cd libtool-2.4.7
./configure --prefix=/usr/local/autotools
make
sudo make install
export PATH=/usr/local/autotools/bin:$PATH# 最终可将下面的行添加到 ~/.bashrc 或 /etc/profile 中，以便下次登录时自动设置路径：
export PATH=/usr/local/autotools/bin:$PATH

编译wolfssl

cd wolfssl-2.9.0/
./autogen.sh 
./configure    --enable-static --disable-shared \--prefix=/usr/local/wolfssl \--disable-examples \--disable-async
make 
make install

编译crul

cd curl-7.36.0./configure   --enable-static --disable-shared  \--prefix=/usr/local/curl     \--without-ssl      \--with-wolfssl=/usr/local/wolfssl  \--without-zlib        \--disable-ldap  \--disable-ldaps
这里不对劲   

[root@localhost curl-7.36.0]#./configure --help | grep -i ssl--with-spnego=DIR       Specify location of SPNEGO library fbopenssl--with-winssl           enable Windows native SSL/TLS--without-winssl        disable Windows native SSL/TLS--with-darwinssl        enable iOS/Mac OS X native SSL/TLS--without-darwinssl     disable iOS/Mac OS X native SSL/TLS--with-ssl=PATH         Where to look for OpenSSL, PATH points to the SSLinstallation (default: /usr/local/ssl); when--without-ssl           disable OpenSSL--with-polarssl=PATH    where to look for PolarSSL, PATH points to the--without-polarssl      disable PolarSSL detection--with-cyassl=PATH      where to look for CyaSSL, PATH points to the--without-cyassl        disable CyaSSL detectionif another SSL engine is selected.

curl 7.36.0 使用的是 --with-cyassl 选项而不是 --with-wolfssl

# 清理之前的编译
make distclean# 使用正确的配置选项 --with-cyassl
./configure --enable-static --disable-shared \--prefix=/usr/local/curl \--without-ssl \--with-cyassl=/usr/local/wolfssl \LDFLAGS="-L/usr/local/wolfssl/lib" \CPPFLAGS="-I/usr/local/wolfssl/include"# 编译和安装
make
make install

验证

[root@localhost curl-7.36.0]#/usr/local/curl/bin/curl https://example.com -k -I
HTTP/1.1 200 OK
Content-Type: text/html
ETag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
Last-Modified: Mon, 13 Jan 2025 20:11:20 GMT
Cache-Control: max-age=3412
Date: Wed, 27 Aug 2025 00:09:45 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
Connection: keep-alive[root@localhost curl-7.36.0]#/usr/local/curl/bin/curl --version | grep -i ssl
curl 7.36.0 (x86_64-unknown-linux-gnu) libcurl/7.36.0 CyaSSL/2.9.0 zlib/1.2.3
Features: IPv6 Largefile SSL libz 
[root@localhost curl-7.36.0]#

试错历史脚本

make distclean./configure --enable-all --enable-opensslextra --enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2
make
make install./configure --enable-opensslextra \--enable-all \--enable-tls13 \--enable-alpn \--enable-sni \--enable-curl \--enable-crl \--disable-crl-monitor \--enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2gcc -I/usr/local/wolfssl-5.8.2/include -L/usr/local/wolfssl-5.8.2/lib test_wolfssl.c -lwolfssl -o test_wolfssl -lpthread -lm1029  ls          ./configure --enable-opensslextra \--enable-all \--enable-tls13 \--enable-alpn \--enable-sni \--enable-ecc \--enable-supportedcurves \--enable-session-ticket \--enable-ocsp \--enable-curl \--enable-des3 \--enable-aesgcm \--enable-aesccm \--disable-crl-monitor \--enable-static --disable-shared --prefix=/usr/local/wolfssl-5.8.2 \CFLAGS="-DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DHAVE_ALPN"./configure --disable-shared \
--enable-static \
--with-wolfssl=/usr/local/wolfssl-5.8.2 \
--prefix=/usr/local/tiny-curl-8.4.0 \
LDFLAGS="-L/usr/local/wolfssl-5.8.2/lib -lwolfssl  -lpthread -lm" \--disable-ldap --disable-ldaps \
CPPFLAGS="-I/usr/local/wolfssl-5.8.2/include -DSHA256_DIGEST_LENGTH=32" \
--verbose

cat > test_wolfssl.c << 'EOF'
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <stdio.h>int main() {printf("WolfSSL test: %s\n", wolfSSL_lib_version());return 0;
}
EOF