Re: --with-openssl and OPENSSL_OPT
Hello! On Tue, Sep 13, 2016 at 09:13:24PM +0200, Ondřej Nový wrote: > Hi, > > 2016-09-13 18:55 GMT+02:00 Maxim Dounin : > > > > Try something like this: > > > > ./configure --with-http_ssl_module --with-openssl=/path/to/openssl-1.0.2h > > --with-openssl-opt=no-idea > > make > > (cd /path/to/openssl-1.0.2h; make depend) > > make > > > > this is crazy :). Why you don't add make depend to nginx build phase of > OpenSSL? It should not harm anyone and build will succeed for first time. There is no way to find out if "make depend" is needed or not. On the other hand, it has noticeable cost, and not needed in most cases. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: --with-openssl and OPENSSL_OPT
Hi, 2016-09-13 18:55 GMT+02:00 Maxim Dounin : > > Try something like this: > > ./configure --with-http_ssl_module --with-openssl=/path/to/openssl-1.0.2h > --with-openssl-opt=no-idea > make > (cd /path/to/openssl-1.0.2h; make depend) > make > this is crazy :). Why you don't add make depend to nginx build phase of OpenSSL? It should not harm anyone and build will succeed for first time. > > I have built OpenSSL libs, so i have .s + .h files :). How to point nginx > > to this files to static link them please? > > You need .h (include) and .a (static library) files. Then use > sry, no .s but .a files. > ./configure --with-cc-opt="-I /path/to/openssl/include" --with-ld-opt="-L > /path/to/openssl/lib" > that looks cool, I will try it. Thanks. -- Best regards Ondřej Nový ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: --with-openssl and OPENSSL_OPT
Hello! On Tue, Sep 13, 2016 at 05:56:32PM +0200, Ondrej Novy wrote: > 2016-09-13 3:40 GMT+02:00 Maxim Dounin : > > > If you need to configure openssl configure options which require > > "make depend", you can run "make depend" yourself before making > > nginx (and thus OpenSSL). > > > > so I should run config+make depend+make myself? That doesn't work, nginx > calls config nevertheless and thus overwritting my config. Try something like this: ./configure --with-http_ssl_module --with-openssl=/path/to/openssl-1.0.2h --with-openssl-opt=no-idea make (cd /path/to/openssl-1.0.2h; make depend) make On the first "make", nginx will run OpenSSL config and then try to build it. The build will fail due to no "make depend" (actually, you can stop it with Ctrl-C right after OpenSSL's configure). On the second "make", the build will succeed. > Alternatively, you can make OpenSSL yourself instead of asking > > nginx to do it for you. Note that using --with-openssl option of > > nginx configure is not something required for static building with > > OpenSSL. Rather, it's a convenient shortcut to make things easier > > in common cases. > > > > I have built OpenSSL libs, so i have .s + .h files :). How to point nginx > to this files to static link them please? You need .h (include) and .a (static library) files. Then use compiler and linker options to specify paths to include and library files, -I and -L respectively. Use "--with-cc-opt" and "--with-ld-opt" to pass the options through nginx configure: ./configure --with-cc-opt="-I /path/to/openssl/include" --with-ld-opt="-L /path/to/openssl/lib" Note that there should be no dynamic libraries (*.so) for OpenSSL available in the lib path specified, or they will be used instead of static libraries. To prevent dynamic libraries from appearing you can configure OpenSSL with the "no-shared" flag, much like nginx does itself. Full procedure to build both OpenSSL and nginx with it will look like this: cd /path/to/openssl-1.0.2h ./config --prefix=`pwd`/.openssl no-shared no-idea make depend make make install_sw cd /path/to/nginx ./configure --with-http_ssl_module \ --with-cc-opt="-I /path/to/openssl-1.0.2h/.openssl/include" \ --with-ld-opt="-L /path/to/openssl-1.0.2h/.openssl/lib" make -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: --with-openssl and OPENSSL_OPT
Hi, 2016-09-13 3:40 GMT+02:00 Maxim Dounin : > If you need to configure openssl configure options which require > "make depend", you can run "make depend" yourself before making > nginx (and thus OpenSSL). > so I should run config+make depend+make myself? That doesn't work, nginx calls config nevertheless and thus overwritting my config. Alternatively, you can make OpenSSL yourself instead of asking > nginx to do it for you. Note that using --with-openssl option of > nginx configure is not something required for static building with > OpenSSL. Rather, it's a convenient shortcut to make things easier > in common cases. > I have built OpenSSL libs, so i have .s + .h files :). How to point nginx to this files to static link them please? Thank you. -- Best regards Ondřej Nový ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: --with-openssl and OPENSSL_OPT
Hello! On Mon, Sep 12, 2016 at 09:55:32PM +0200, Ondřej Nový wrote: > I want to use OpenSSL 1.0.2 static linked with nginx. So I'm using > --with-openssl option. But I want to set OpenSSL configure options. Option > OPENSSL_OPT looks like correct way. > > If I set this variable: > export OPENSSL_OPT=no-idea > > After OpenSSL configure I got message: > *** Because of configuration changes, you MUST do the following before > *** building: > > make depend > > And building fails: > make[5]: *** No rule to make target '../../include/openssl/idea.h', needed > by 'e_idea.o'. Stop. > > I think you are not calling "make depend" after configuration of OpenSSL > (auto/lib/openssl/make*). If you need to configure openssl configure options which require "make depend", you can run "make depend" yourself before making nginx (and thus OpenSSL). Alternatively, you can make OpenSSL yourself instead of asking nginx to do it for you. Note that using --with-openssl option of nginx configure is not something required for static building with OpenSSL. Rather, it's a convenient shortcut to make things easier in common cases. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel