Re: [openssl-users] Build from source; library not found?

[Viktor Dukhovni]

> On May 20, 2017, at 8:52 PM, Richard Levitte  wrote:
> 
> Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built.

Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which
the library rpaths are set.

> It's possible it SHOULD be built differently, but that's a different
> story.  Here, the question was what's actually done.

The choice of additional CFLAGS is up to the user.

-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] automating my CA

[Hiran Chaudhuri]

Check out "let's encrypt" and the ACME protocol. There is also a free O SS 
implementation available.

Hiran

Am 19. Mai 2017 14:13:55 MESZ schrieb Jannis Ohms :
>Hi,
>
>I need some kind of API which accepts CSRs and signs them
>
>Alot of  Online certificate providers have some kind of REST API.
>
>Is there such an API available as OSS or do i have to write one myself
>
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

[Richard Levitte]

In message  on Thu, 18 May 
2017 18:35:32 -0400, Viktor Dukhovni  said:

openssl-users> 
openssl-users> > On May 18, 2017, at 4:08 PM, Richard Levitte 
 wrote:
openssl-users> > 
openssl-users> > hiran.chaudhuri> Incidently, I think that when you do 
this, you'll find that it
openssl-users> > hiran.chaudhuri> finds
openssl-users> > hiran.chaudhuri> your libraries all right:
openssl-users> > hiran.chaudhuri> 
openssl-users> > hiran.chaudhuri> $ ldd /prefix/openssl/bin/openssl
openssl-users> > hiran.chaudhuri> 
openssl-users> > hiran.chaudhuri> Now this is interesting. Yes, openssl can 
find both the libraries
openssl-users> > hiran.chaudhuri> libssl and libcrypto. Would that imply that 
rpath is only a setting
openssl-users> > hiran.chaudhuri> for application (executables) but not for 
shared libraries?
openssl-users> > hiran.chaudhuri> In that case the test I tried would be 
totally meaningless.
openssl-users> > 
openssl-users> > Yes, that's correct.
openssl-users> 
openssl-users> NO, it is not correct, shared libraries also have rpaths for 
their
openssl-users> own dependencies.  And when building OpenSSL for installation in
openssl-users> non-default locations (not /usr/lib and the like) the libraries
openssl-users> should have an rpath.

Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built.
It's possible it SHOULD be built differently, but that's a different
story.  Here, the question was what's actually done.

(side note: BSD is treated differently, 'cause there was a time when
the RPATH setting in executable binaries didn't propagate down to the
libraries they loaded)

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

[Jeffrey Walton]

On Sat, May 20, 2017 at 7:10 AM, Hiran Chaudhuri
 wrote:
> Am 19-May-2017 00:36:18 +0200 schrieb openssl-us...@dukhovni.org:
>
>> hiran.chaudhuri> Now this is interesting. Yes, openssl can find both the
>> libraries
>> hiran.chaudhuri> libssl and libcrypto. Would that imply that rpath is only
>> a setting
>> hiran.chaudhuri> for application (executables) but not for shared
>> libraries?
>> hiran.chaudhuri> In that case the test I tried would be totally
>> meaningless.
>>
>> Yes, that's correct.
>
> NO, it is not correct, shared libraries also have rpaths for their
> own dependencies. And when building OpenSSL for installation in
> non-default locations (not /usr/lib and the like) the libraries
> should have an rpath.
>
> It would sound logical. But how could I then enforce the runpath to be set
> in the libraries?

https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.

I've never understood the use case - build a new/updated openssl,
compile time link against the new one, and then runtime link against
the old one.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

[Hiran Chaudhuri]

Am 19-May-2017 00:36:18 +0200 schrieb openssl-us...@dukhovni.org: 

> hiran.chaudhuri> Now this is interesting. Yes, openssl can find both the 
> libraries
 > hiran.chaudhuri> libssl and libcrypto. Would that imply that rpath is only a 
 > setting
 > hiran.chaudhuri> for application (executables) but not for shared libraries?
 > hiran.chaudhuri> In that case the test I tried would be totally meaningless.
 > 
 > Yes, that's correct.

 NO, it is not correct, shared libraries also have rpaths for their
 own dependencies. And when building OpenSSL for installation in
 non-default locations (not /usr/lib and the like) the libraries
 should have an rpath.

 -- 
 Viktor.

 Hi Viktor.   It would sound logical. But how could I then enforce the runpath 
to be set in the libraries?   Hiran
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users