On 6/22/18 3:55 PM, Lukas Tribus wrote: > Hello, > > > > On Fri, 22 Jun 2018 at 22:09, PGNet Dev <pgnet....@gmail.com> wrote: >>> - share the openssl config line and installation commands >> >> gcc --version >> gcc (SUSE Linux) 8.1.1 20180614 [gcc-8-branch revision 261584] >> which openssl >> /usr/local/openssl11/bin/openssl >> openssl version >> OpenSSL 1.1.0h 27 Mar 2018 >> openssl version -f > > I meant how did you install openssl in /usr/local/openssl11? What > exact config, configure and make commands?
`openssl -f` provides the effective, relevant compile flags as built/installed by cd openssl-1.1.0h unset SHARED_LDFLAGS LDFLAGS LIBDEPS ZLIB_INCLUDE C_INCLUDE_PATH echo $CFLAGS -O3 -Wall -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fmessage-length=0 -grecord-gcc-switches -march=native -mtune=native make clean ./config \ --prefix=/usr/local/openssl11 \ --openssldir=/usr/local/openssl11 \ --libdir=lib64 \ --api=1.1.0 \ threads shared \ -Wl,-rpath=/usr/local/openssl11/lib64 -Wa,--noexecstack -Wl,-z,relro,-z,now -Wall -fno-common \ enable-ec_nistp_64_gcc_128 enable-rfc3779 enable-ecdsa \ no-comp no-zlib no-zlib-dynamic no-sctp no-idea no-mdc2 no-rc2 no-rc5 no-ssl3 no-weak-ssl-ciphers \ -DOPENSSL_NO_BUF_FREELISTS -DOPENSSL_NO_HEARTBEAT -DSSL_FORBID_ENULL -D_GNU_SOURCE -DPURIFY -DTERMIO make -j4 make install Works, as built above, with numerous other app builds/installs; as do a number of leaner, more restrictive builds. > Anyway I tried it myself, this is how I was successful: > > - openssl: config openssl with something like: make clean; ./config > --prefix=/home/lukas/libsslbuildpgnet/ > -Wl,-rpath=/home/lukas/libsslbuildpgnet/lib > - openssl: make && make install_sw > - haproxy: use SSL_INC and SSL_LIB properly (don't prefix it with -I > and -L), and append the rpath configuration to SSL_LIB, so in my case > that would be SSL_INC=/home/lukas/libsslbuildpgnet/include/ > SSL_LIB="/home/lukas/libsslbuildpgnet/lib > -Wl,-rpath,/home/lukas/libsslbuildpgnet/lib" Here, that still fails with the deprecated symbol checks. The build's clearly not picking up on the fact that openssl 1.1.0 is built with current api and no deprecated symbol usage. Can you provide _your_ built openssl's `openssl -f` output?
