On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default
search path), and especially when you're linking with other libraries that
in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
1.1.1 in your application requires care...
> On Jul 17, 2019, at 2:22 PM, Mark Richter <mrichter@xxxxxxxxxxxxxx> wrote:
>
> However, although I modified our make file to use '-I/usr/local/openssl/include' and '-L/usr/local/openssl/lib', I now see this warning:
>
> cc -DLOG_LEVEL=LOG_INFO -Wall -Werror -D__ci_driver__ -D__ci_ul_driver__ -D_GNU_SOURCE -DWITH_MCDI_V2 -DWITH_TLS12=0 -DSOLAR_SECURE_VERSION="1.0.3.1020 (3bf2875895d5+ Wed Jul 17 11:14:55 PDT 2019)" -Isrc/include -I/usr/local/openssl/include -Isrc/tools/mc-comms -Isrc/tools/mc-comms/include -Isrc/emulators/mbedtls/include -I/usr/include/json-c -g3 -fno-omit-frame-pointer build/src/tools/sfslc.o -o build/bin/sfslc -Lbuild/lib -L/usr/local/openssl/lib -lsfsl_api -lsf_core -lcm -lss -lcrypto -lpci -lcurl -lpthread -lrt -lssl -luuid -ljson-c
> /usr/bin/ld: warning: libssl.so.10, needed by /usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1
> /usr/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1
Specifically:
1. Choose some location that is not on the default library search path
to install the 1.1.1 custom libraries. I use /opt/openssl/1.1/lib
2. Configure your OpenSSL build to use the corresponding "rpath":
-Wl,-rpath,/opt/openssl/1.1/lib
3. Add a custom target platform to the "targets" array in
Configurations/<some-file>.conf. This can inherit from
the configuration you're using now, but add a setting
for "shlib_variant" as described in Configurations/README
...
inherit_from => "<your platform>",
shlib_variant => "-opt",
...
4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
or similar for the custom target platorm. Make sure that the
SONAME and symbol versions contain the "-opt" or "_OPT" tweak.
5. Link your application against this library:
-I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib -Wl,-rpath,/opt/openssl/1.1/lib
6. Check with "readelf -d" that the application records the expected SONAME
for the OpenSSL library (libcrypto and/or libssl) dependencies.
You can now have your code using OpenSSL 1.1.1 and other libraries you use,
using whichever OpenSSL they were compiled with. However, you cannot pass
OpenSSL objects you create into such libraries, their use of OpenSSL must
be self-contained.
--
Viktor.
