RE: Errors building 1.1.1 on RHEL 7

Wed, 17 Jul 2019 17:55:26 -0700 

I'm still really new at this - a few questions:

-----Original Message-----
From: openssl-users <[email protected]> On Behalf Of Viktor 
Dukhovni
Sent: Wednesday, July 17, 2019 12:42 PM
To: [email protected]
Subject: Re: Errors building 1.1.1 on RHEL 7

On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default 
search path), and especially when you're linking with other libraries that in 
turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
1.1.1 in your application requires care...

Specifically:

  1. Choose some location that is not on the default library search path
     to install the 1.1.1 custom libraries.  I use /opt/openssl/1.1/lib
> How do I specify that?  A config parameter (and which one)?

  2. Configure your OpenSSL build to use the corresponding "rpath":
     -Wl,-rpath,/opt/openssl/1.1/lib
> Again, how do I specify that?

  3. Add a custom target platform to the "targets" array in
     Configurations/<some-file>.conf.  This can inherit from
     the configuration you're using now, but add a setting
     for "shlib_variant" as described in Configurations/README

...
inherit_from => "<your platform>",
shlib_variant => "-opt",
...
> I can find that...

  4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
     or similar for the custom target platorm.  Make sure that the
     SONAME and symbol versions contain the "-opt" or "_OPT" tweak.
> Not familiar with that tweak.

  5. Link your application against this library:

-I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib 
-Wl,-rpath,/opt/openssl/1.1/lib
> Can do.

  6.  Check with "readelf -d" that the application records the expected SONAME
      for the OpenSSL library (libcrypto and/or libssl) dependencies.
> Can do.

You can now have your code using OpenSSL 1.1.1 and other libraries you use, 
using whichever OpenSSL they were compiled with.  However, you cannot pass 
OpenSSL objects you create into such libraries, their use of OpenSSL must be 
self-contained.

--
Viktor.

The information contained in this message is confidential and is intended for 
the addressee(s) only. If you have received this message in error, please 
notify the sender immediately and delete the message. Unless you are an 
addressee (or authorized to receive for an addressee), you may not use, copy or 
disclose to anyone this message or any information contained in this message. 
The unauthorized use, disclosure, copying or alteration of this message is 
strictly prohibited.

Reply via email to