OpenSSL and RPATH's (was: Cannot find SSL_CTX_get0_param in libssl library)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, May 28, 2017 at 5:31 PM, Salz, Rich <rsalz@xxxxxxxxxx> wrote:
>> The openssl program will use the wrong libssl.so and libcrypto.so.
>
> Yes, got it.
>
> But that's small potatoes compared to everyone else finding the wrong shared library, and just saying "use rpath" doesn't help all those others.

OK, thanks.

So what are the problems here that need to be addressed? I think I
know some of them:

 1. Build OpenSSL with an RPATH if installed in non-system location
 2. Build user program with an RPATH if OpenSSL installed in non-system location
 3. Use another mechanism when Linux RATH not available (OS X, Solaris, friends)
 4. External build tools like Autotools and Cmake

Are there others?

OpenSSL build system should fix problem (1), like it does with BSDs.
The project should lead by example.

For (2) and (3), I think the best that can be done is (a) lead by
example as in (1); (b) ensure things like libcrypto.pc and libssl.pc
are up-to-date; and and (c) educate users. I realize the problems with
(c). If RTFM was going to work, then it would have happens in the last
50 years or so.

There's not much you can do with(4). They pick shitty flags, and they
are always going to be a problem. I advise *not* to build OpenSSL with
them, but Fan Boi's will still flock to them.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux