I'll set the LIBS var and test it again later this evening. On 2017-11-15 19:12, Rainer Jung wrote: > IMHO there is no clean and easy workaround but for now it should be > acceptable to set your LIBS environment variable to "-ldl" before > running configure. Please don' give up if this still fails, it can well > be that we see other OpenSSL check failures for other reasons later > during configure. Simply provide the config.log again and I will have > another look.
Yea, -ldl is always required when linking against a static lib. Maybe there's a way to check if only a static library is available in which case -ldl is added. > During build time there is a clean way of supplying additional OpenSSL > dependencies and flags like "-L..." and "-R..." or "-Wl,-rpath,..." > namely by providing them in the environment variable > LDADD_crypto_openssl. But this variable is not used during configure time. The -rpath, and LD_X flags only work with dynamic libs. I'm using a static openssl library. > Some platforms like Solaris need additional dependency libs, namely > "-lsocket -lnsl". Some builds of OpenSSL depend on "-lz" for compresion, > but for safety reasons more modern builds should have compression > support turned of in OpenSSL. Yes, another reason why I usually create a static openssl lib. > There's nothing wrong with your private OpenSSL > copy, it just explains why the second configure run showed the differing > behavior. I believe most configure setups expect dynamic libs, which I do not have. I create one static openssl lib. Many, many years ago I read an article why it was better to use static openssl libraries (when using your own openssl copy) than dynamic ones. I think it was mostly for security reasons, no way of injecting other versions, no changing of addresses in the symbol table, and whatnot.... Maybe all these points are not valid anymore and I should reconsider. I'll have to look into it. > As a real fix IMHO we need to add PKG_CONFIG checks to our OpenSSL > handling in configure, so that we learn from the pc file the OpenSSL > dependencies. Such code is already present for the nss crypto handling > in the same configure and is missing from the OpenSSL part. As long as there's a way to define that openssl is static, all is good. The problem with something like --pkg-config-flags=--static is that this would apply to all libraries. -- regards Helmut K. C. Tessarek KeyID 0xF7832007C11F128D Key fingerprint = 28A3 1666 4FE8 D72C CFD5 8B23 F783 2007 C11F 128D /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */
