Hi Shawn,

On Wed, Nov 03, 2021 at 10:56:02AM -0600, Shawn Heisey wrote:
> On 11/3/21 9:25 AM, ???? ??????? wrote:
> > you either need to specify LD_LIBRARY_PATH or add rpath during link,
> > here's example how to use rpath via ADDLIB haproxy/.travis.yml at
> > 57610c694e56a6b0d55bf42f1170bad93b7b3297 · haproxy/haproxy (github.com)
> > <https://github.com/haproxy/haproxy/blob/57610c694e56a6b0d55bf42f1170bad93b7b3297/.travis.yml#L68-L85>
>
>
> I can't tell how to actually use that for my setup from the highlighted
> lines in that github page.
>
> Everything I have seen says that haproxy's build system is ignoring the
> SSL_INC and SSL_LIB settings I told it to use, and autodetecting the openssl
> in /usr/local.
>
> But even if I am wrong about that, I did work out how to achieve my goals.
> I built openssl with --prefix=/usr/local/ssl3 and made a symlink for its
> "openssl" binary to /usr/local/bin/ossl. I get to have the custom openssl
> installed and available with an altered command, but now haproxy's build
> system won't find it.

Normally you just have to specify SSL_INC and SSL_LIB at build time to
specify the one you want to build with. I'm doing exactly this when I
want to build with older versions:

  $ ls -1d /opt/openssl-*
  /opt/openssl-0.9.8/
  /opt/openssl-1.0.0/
  /opt/openssl-1.0.2/
  /opt/openssl-1.1.0/

  $ make -j$(nproc) TARGET=linux-glibc USE_OPENSSL=1 \
      SSL_INC=/opt/openssl-1.0.2/include SSL_LIB=/opt/openssl-1.0.2/lib
  ...
    LD      haproxy

  $ ./haproxy -v
  HAProxy version 2.5-dev12-726635-14 2021/11/03 - https://haproxy.org/

When used on the same machine you used to build, it's also possible to
use -rpath to store the lib's path into the executable:

  $ make -j$(nproc) TARGET=linux-glibc USE_OPENSSL=1 \
      SSL_INC=/opt/openssl-1.0.2/include \
      SSL_LIB="/opt/openssl-1.0.2/lib -Wl,-rpath=/opt/openssl-1.0.2/lib"

  $ ldd ./haproxy
        linux-vdso.so.1 (0x00007ffce1ff9000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f5fa6f83000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f5fa6f7e000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f5fa6f74000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5fa6f52000)
        libssl.so.1.0.0 => /opt/openssl-1.0.2/lib/libssl.so.1.0.0 (0x00007f5fa6ce2000)
        libcrypto.so.1.0.0 => /opt/openssl-1.0.2/lib/libcrypto.so.1.0.0 (0x00007f5fa689d000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f5fa66b6000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f5fa700e000)

  $ ./haproxy -vv | grep -i ssl
    OPTIONS = USE_OPENSSL=1
  Feature list : +EPOLL -KQUEUE +NETFILTER -PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT
  +POLL +THREAD +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY
  +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL -LUA +ACCEPT4 -CLOSEFROM
  -ZLIB +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL
  -SYSTEMD -OBSOLETE_LINKER +PRCTL -PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC
  -PROMEX -MEMORY_PROFILING
  Built with OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016
  Running on OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016
  OpenSSL library supports TLS extensions : yes
  OpenSSL library supports SNI : yes
  OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2

There's no reason that wouldn't work for you, as it's commonly used.
I suspect you just have one option wrong (possibly missing /lib at
the end of the SSL_LIB for example).

Willy
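
Added example, not part of the thread or of the haproxy project: a small shell check that automates the two verifications shown in the message above, namely that `ldd` resolves libssl/libcrypto from the directory given as SSL_LIB and that the "Built with" and "Running on" OpenSSL versions from `haproxy -vv` agree. The helper name `check_ssl_link`, its return codes and the `lib` subdirectory under /usr/local/ssl3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. check_ssl_link is a hypothetical helper.
# Real use:
#   check_ssl_link /opt/openssl-1.0.2/lib "$(ldd ./haproxy)" "$(./haproxy -vv)"
# Returns 0 = ok, 1 = a library resolves outside the expected directory,
# 2 = built/running OpenSSL versions differ, 3 = no libssl/libcrypto in ldd.
check_ssl_link() {
    want_dir=${1%/}; ldd_out=$2; vv_out=$3
    # Resolved paths of libssl/libcrypto ("not" appears here for "not found").
    paths=$(printf '%s\n' "$ldd_out" |
        awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $3 }')
    [ -n "$paths" ] || { echo "no libssl/libcrypto dependency" >&2; return 3; }
    for p in $paths; do
        case $p in
            "$want_dir"/*) ;;
            *) echo "resolved outside $want_dir: $p" >&2; return 1 ;;
        esac
    done
    built=$(printf '%s\n' "$vv_out" |
        sed -n 's/^Built with OpenSSL version : //p')
    running=$(printf '%s\n' "$vv_out" |
        sed -n 's/^Running on OpenSSL version : //p')
    if [ -z "$built" ] || [ "$built" != "$running" ]; then
        echo "built with '$built', running on '$running'" >&2
        return 2
    fi
    echo "ok: $built from $want_dir"
}

# Constructed sample input, trimmed from the output quoted in the message above.
SAMPLE_LDD='  libssl.so.1.0.0 => /opt/openssl-1.0.2/lib/libssl.so.1.0.0 (0x00007f5fa6ce2000)
  libcrypto.so.1.0.0 => /opt/openssl-1.0.2/lib/libcrypto.so.1.0.0 (0x00007f5fa689d000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f5fa66b6000)'
SAMPLE_VV='Built with OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016
Running on OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016'

check_ssl_link /opt/openssl-1.0.2/lib "$SAMPLE_LDD" "$SAMPLE_VV"
# Expecting a different prefix (lib dir assumed) makes the same binary fail.
check_ssl_link /usr/local/ssl3/lib "$SAMPLE_LDD" "$SAMPLE_VV" || echo "status $?"
```

Running this after each build or package upgrade catches the case where the dynamic loader picks up a different OpenSSL than the one the binary was compiled against.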