> On Jul 18, 2019, at 2:57 PM, Mark Richter <mrichter@xxxxxxxxxxxxxx> wrote: > > Also, once I figure out the build issues, how can I statically link the ssl libraries into my app? (That way we don't require our customers to build and install OpenSSL 1.1.1 pon their RHEL 7 hosts.) Are there any gotchas to doing this? E.g., our app also uses the curl library, which I believe uses the default openssl on the host. Static linking has much worse library version conflicts than dynamic linking if you're delivering a library, or if your application will run on systems where the C-library (perhaps through nsswitch modules) also loads the default OpenSSL. You lose the isolation made possible by symbol versioning with dynamic libraries. If you want to ship code to users to deploy on their own systems you should generally use whichever OpenSSL is in the base platform. To deliver a custom OpenSSL, for your application only, you'll need to build a shlib_variant shared library and perhaps make its location flexible using $ORIGIN in the dependent's run path. -- Viktor.
