On Mon, 4 Jul 2022 at 23:53, sebb <seb...@gmail.com> wrote: > > On Mon, 4 Jul 2022 at 17:20, sebb <seb...@gmail.com> wrote: > > > > The JNA code should now be able to support all combinations of methods. > > > > Also JNA supports the property jna.library.path when loading the crypto > > library. > > This allows one to override the default which may not be the same as > > the default OpenSSL version. e.g. the GH action builds default to > > OpenSSL 1.1.1, but the default crypto library is LibreSSL 2.x. > > > > The override works fine on macOS, but I have yet to find the correct > > value on Windows. > > > > JNI works OK on all OSes, but the default crypto library it uses may > > be different from the OpenSSL version. So far have not found out how > > to override the default successfully when the Commons native code is > > invoked as part of a Java app. It looks like the environment variables > > that work for non-Java apps are not passed to the native code. > > Turns out that macOS System Integrity Protection [1] purges the > environment variables that can be used to affect the dynamic loader. > It seems the only way to override the default is to provide the path to > dlopen. > > Unfortunately there are 3 separate files that contain the dlopen code.
The dlopen code is now centralised, and uses the property "jni.library.path" to form the library path name if provided (and it is a directory). This works well for macOS. It's not essential for Linux, though it is useful to be able to provide a separate path for the crypto library without affecting other DLLs. The property name was chosen by analogy with the one used by JNA. Maybe it would make sense to use the same one? [Trivial to change this in Utils.java] I did not implement the code for Windows, as I'm not sure it is necessary, and it was more work. > > Sebb > > [1] > https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/RuntimeProtections/RuntimeProtections.html --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
