Re: [openssl-users] Build from source; library not found?

2017-05-28 Thread Hiran Chaudhuri 
Quick reaction, I am impressed.

The part that triggered my wrong thoughts was the first sentence:
"RPATH's are supported by default on the BSD platforms, but not others."

It seemed platforms other than BSD will not get RPATH unless I take action. 
With that in mind I somehow understood I need to patch the config or configure 
scripts to get along.

Maybe it should read something like "on BSD the run paths are automatically 
set. For other platforms, add these parameters to your configure line...

Hiran

Am 28. Mai 2017 23:27:27 MESZ schrieb Jeffrey Walton <noloa...@gmail.com>:
>On Sun, May 28, 2017 at 5:16 PM, Hiran Chaudhuri
><hiran.chaudh...@mail.de> wrote:
>> It seems I misread the referenced documentation the first time.
>>
>> This stuff contains the answer, it just was not clear to me that also
>works
>> on Linux.
>>
>https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.
>>
>> With that, the libraries have run paths that show the correct target
>> directories. Thanks to all for the hint.
>
>Arg... I consider confusing text a documentation bug.
>
>Is this better:
>https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs
>?
>
>Jeff
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

2017-05-28 Thread Hiran Chaudhuri 
It seems I misread the referenced documentation the first time.
   This stuff contains the answer, it just was not clear to me that also works 
on Linux. 
https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.   
With that, the libraries have run paths that show the correct target 
directories. Thanks to all for the hint.   Hiran 

 Am 23-May-2017 22:26:38 +0200 schrieb hiran.chaudh...@mail.de: 

Hello Victor. 

So you manage to build OpenSSL with rpaths. Would you like to let me know how 
this can be achieved? Is CFLAGS the only change required? (from the 
documentation mentioned earlier it seems I would have to modify the configure 
script). 

Hiran 

 Am 21-May-2017 06:51:55 +0200 schrieb openssl-us...@dukhovni.org: 

 > On May 20, 2017, at 8:52 PM, Richard Levitte  wrote:
 > 
 > Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built.

 Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which
 the library rpaths are set.

 > It's possible it SHOULD be built differently, but that's a different
 > story. Here, the question was what's actually done.

 The choice of additional CFLAGS is up to the user.

 -- 
 Viktor.

 -- 
 openssl-users mailing list
 To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

2017-05-23 Thread Hiran Chaudhuri 
Hello Victor. 

So you manage to build OpenSSL with rpaths. Would you like to let me know how 
this can be achieved? Is CFLAGS the only change required? (from the 
documentation mentioned earlier it seems I would have to modify the configure 
script). 

Hiran 

 Am 21-May-2017 06:51:55 +0200 schrieb openssl-us...@dukhovni.org: 

 > On May 20, 2017, at 8:52 PM, Richard Levitte  wrote:
 > 
 > Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built.

 Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which
 the library rpaths are set.

 > It's possible it SHOULD be built differently, but that's a different
 > story. Here, the question was what's actually done.

 The choice of additional CFLAGS is up to the user.

 -- 
 Viktor.

 -- 
 openssl-users mailing list
 To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] automating my CA

2017-05-20 Thread Hiran Chaudhuri 
Check out "let's encrypt" and the ACME protocol. There is also a free O SS 
implementation available.

Hiran

Am 19. Mai 2017 14:13:55 MESZ schrieb Jannis Ohms :
>Hi,
>
>I need some kind of API which accepts CSRs and signs them
>
>Alot of  Online certificate providers have some kind of REST API.
>
>Is there such an API available as OSS or do i have to write one myself
>
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

2017-05-20 Thread Hiran Chaudhuri 
Am 19-May-2017 00:36:18 +0200 schrieb openssl-us...@dukhovni.org: 

> hiran.chaudhuri> Now this is interesting. Yes, openssl can find both the 
> libraries
 > hiran.chaudhuri> libssl and libcrypto. Would that imply that rpath is only a 
 > setting
 > hiran.chaudhuri> for application (executables) but not for shared libraries?
 > hiran.chaudhuri> In that case the test I tried would be totally meaningless.
 > 
 > Yes, that's correct.

 NO, it is not correct, shared libraries also have rpaths for their
 own dependencies. And when building OpenSSL for installation in
 non-default locations (not /usr/lib and the like) the libraries
 should have an rpath.

 -- 
 Viktor.

 Hi Viktor.   It would sound logical. But how could I then enforce the runpath 
to be set in the libraries?   Hiran
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

2017-05-17 Thread Hiran Chaudhuri 
I just verified. The required shared libraries and runpath settings are part of 
the dynamic section in elf files. 

readelf -d openssl 

displays a runpath, while 

readelf -d libssl.so.1.0.0 

does not show a runpath. 

Therefore my test was wrong. I cannot check shared libraries directly. 

 Am 17-May-2017 16:40:40 +0200 schrieb hiran.chaudh...@mail.de: 
Now this is interesting. Yes, openssl can find both the libraries libssl and 
libcrypto. Would that imply that rpath is only a setting for application 
(executables) but not for shared libraries? In that case the test I tried would 
be totally meaningless.   Hiran
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Build from source; library not found?

2017-05-17 Thread Hiran Chaudhuri 
Hi Richard.
   Thank you for the fast response. 

 Am 17-May-2017 15:40:27 +0200 schrieb levi...@openssl.org: 
The are two ways to handle this. One is with the usual setting of
 LD_LIBRARY_PATH:

 $ LD_LIBRARY_PATH=`pwd` ldd libssl.so.1.0.0 Yes, this seems to work. Somehow 
I'd like to avoid having to tell every user to use the correct settings.   
The other is, when you compile your application, to use
 -Wl,-rpath,/prefix/openssl/lib Where would these options typically go? One of 
the applications is curl, which worked when I set 
"LDFLAGS=-R/prefix/openssl/lib" when doing configure/make/make install in the 
curl build directory. One of the applications is Apache httpd, which seems to 
not work when doing the same. So I'd definitely try your suggestion.   
Incidently, I think that when you do this, you'll find that it finds
 your libraries all right:

 $ ldd /prefix/openssl/bin/openssl Now this is interesting. Yes, openssl can 
find both the libraries libssl and libcrypto. Would that imply that rpath is 
only a setting for application (executables) but not for shared libraries? In 
that case the test I tried would be totally meaningless.   Hiran
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Build from source; library not found?

2017-05-17 Thread Hiran Chaudhuri 
Hi there.   I have been building Openssl for quite some time now. Just recently 
I switched to shared mode that will also create shared libraries. What I am 
wondering about: After configure/make/make install I find the expected 
libraries in the desired output directory. Why can ldd not resolve a librarie's 
dependencies? The target file is just in the same directory!   
user@server:/prefix/openssl/lib> ls
engines libcrypto.a libcrypto.so libcrypto.so.1.0.0 libssl.a libssl.so 
libssl.so.1.0.0 pkgconfig
user@server:/prefix/openssl/lib> ldd libssl.so.1.0.0
 linux-vdso.so.1 => (0x7ffdae1fb000)
 libcrypto.so.1.0.0 => not found
 libdl.so.2 => /lib64/libdl.so.2 (0x7f8173425000)
 libc.so.6 => /lib64/libc.so.6 (0x7f81730a9000)
 /lib64/ld-linux-x86-64.so.2 (0x7f81738ad000)
user@server:/prefix/openssl/lib>   Is this normal behaviour? Or is it because I 
entered a prefix that is not part of the system's default lib path?   Hiran
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users