Re: [openssl-users] Build from source; library not found?
Quick reaction, I am impressed. The part that triggered my wrong thoughts was the first sentence: "RPATH's are supported by default on the BSD platforms, but not others." It seemed platforms other than BSD will not get RPATH unless I take action. With that in mind I somehow understood I need to patch the config or configure scripts to get along. Maybe it should read something like "on BSD the run paths are automatically set. For other platforms, add these parameters to your configure line... Hiran Am 28. Mai 2017 23:27:27 MESZ schrieb Jeffrey Walton <noloa...@gmail.com>: >On Sun, May 28, 2017 at 5:16 PM, Hiran Chaudhuri ><hiran.chaudh...@mail.de> wrote: >> It seems I misread the referenced documentation the first time. >> >> This stuff contains the answer, it just was not clear to me that also >works >> on Linux. >> >https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs. >> >> With that, the libraries have run paths that show the correct target >> directories. Thanks to all for the hint. > >Arg... I consider confusing text a documentation bug. > >Is this better: >https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs >? > >Jeff >-- >openssl-users mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
It seems I misread the referenced documentation the first time. This stuff contains the answer, it just was not clear to me that also works on Linux. https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs. With that, the libraries have run paths that show the correct target directories. Thanks to all for the hint. Hiran Am 23-May-2017 22:26:38 +0200 schrieb hiran.chaudh...@mail.de: Hello Victor. So you manage to build OpenSSL with rpaths. Would you like to let me know how this can be achieved? Is CFLAGS the only change required? (from the documentation mentioned earlier it seems I would have to modify the configure script). Hiran Am 21-May-2017 06:51:55 +0200 schrieb openssl-us...@dukhovni.org: > On May 20, 2017, at 8:52 PM, Richard Levitte wrote: > > Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built. Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which the library rpaths are set. > It's possible it SHOULD be built differently, but that's a different > story. Here, the question was what's actually done. The choice of additional CFLAGS is up to the user. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
Hello Victor. So you manage to build OpenSSL with rpaths. Would you like to let me know how this can be achieved? Is CFLAGS the only change required? (from the documentation mentioned earlier it seems I would have to modify the configure script). Hiran Am 21-May-2017 06:51:55 +0200 schrieb openssl-us...@dukhovni.org: > On May 20, 2017, at 8:52 PM, Richard Levitte wrote: > > Err, it is correct insofar that it is how OpenSSL 1.0.2{x} is built. Perhaps by default, I routinely do builds of OpenSSL 1.0.2 in which the library rpaths are set. > It's possible it SHOULD be built differently, but that's a different > story. Here, the question was what's actually done. The choice of additional CFLAGS is up to the user. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] automating my CA
Check out "let's encrypt" and the ACME protocol. There is also a free O SS implementation available. Hiran Am 19. Mai 2017 14:13:55 MESZ schrieb Jannis Ohms: >Hi, > >I need some kind of API which accepts CSRs and signs them > >Alot of Online certificate providers have some kind of REST API. > >Is there such an API available as OSS or do i have to write one myself > >-- >openssl-users mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
Am 19-May-2017 00:36:18 +0200 schrieb openssl-us...@dukhovni.org: > hiran.chaudhuri> Now this is interesting. Yes, openssl can find both the > libraries > hiran.chaudhuri> libssl and libcrypto. Would that imply that rpath is only a > setting > hiran.chaudhuri> for application (executables) but not for shared libraries? > hiran.chaudhuri> In that case the test I tried would be totally meaningless. > > Yes, that's correct. NO, it is not correct, shared libraries also have rpaths for their own dependencies. And when building OpenSSL for installation in non-default locations (not /usr/lib and the like) the libraries should have an rpath. -- Viktor. Hi Viktor. It would sound logical. But how could I then enforce the runpath to be set in the libraries? Hiran -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
I just verified. The required shared libraries and runpath settings are part of the dynamic section in elf files. readelf -d openssl displays a runpath, while readelf -d libssl.so.1.0.0 does not show a runpath. Therefore my test was wrong. I cannot check shared libraries directly. Am 17-May-2017 16:40:40 +0200 schrieb hiran.chaudh...@mail.de: Now this is interesting. Yes, openssl can find both the libraries libssl and libcrypto. Would that imply that rpath is only a setting for application (executables) but not for shared libraries? In that case the test I tried would be totally meaningless. Hiran -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build from source; library not found?
Hi Richard. Thank you for the fast response. Am 17-May-2017 15:40:27 +0200 schrieb levi...@openssl.org: The are two ways to handle this. One is with the usual setting of LD_LIBRARY_PATH: $ LD_LIBRARY_PATH=`pwd` ldd libssl.so.1.0.0 Yes, this seems to work. Somehow I'd like to avoid having to tell every user to use the correct settings. The other is, when you compile your application, to use -Wl,-rpath,/prefix/openssl/lib Where would these options typically go? One of the applications is curl, which worked when I set "LDFLAGS=-R/prefix/openssl/lib" when doing configure/make/make install in the curl build directory. One of the applications is Apache httpd, which seems to not work when doing the same. So I'd definitely try your suggestion. Incidently, I think that when you do this, you'll find that it finds your libraries all right: $ ldd /prefix/openssl/bin/openssl Now this is interesting. Yes, openssl can find both the libraries libssl and libcrypto. Would that imply that rpath is only a setting for application (executables) but not for shared libraries? In that case the test I tried would be totally meaningless. Hiran -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Build from source; library not found?
Hi there. I have been building Openssl for quite some time now. Just recently I switched to shared mode that will also create shared libraries. What I am wondering about: After configure/make/make install I find the expected libraries in the desired output directory. Why can ldd not resolve a librarie's dependencies? The target file is just in the same directory! user@server:/prefix/openssl/lib> ls engines libcrypto.a libcrypto.so libcrypto.so.1.0.0 libssl.a libssl.so libssl.so.1.0.0 pkgconfig user@server:/prefix/openssl/lib> ldd libssl.so.1.0.0 linux-vdso.so.1 => (0x7ffdae1fb000) libcrypto.so.1.0.0 => not found libdl.so.2 => /lib64/libdl.so.2 (0x7f8173425000) libc.so.6 => /lib64/libc.so.6 (0x7f81730a9000) /lib64/ld-linux-x86-64.so.2 (0x7f81738ad000) user@server:/prefix/openssl/lib> Is this normal behaviour? Or is it because I entered a prefix that is not part of the system's default lib path? Hiran -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users