There is a define to allow this: STATIC_LEGACY but I don't remember how
to specify it on the configuration command line.
We should probably turn this on in a no-shared build.
Pauli
On 22/2/22 5:37 pm, Shunichi Shinohara wrote:
Hi List,
I have a question about OpenSSL 3.0 and static linking.
Short version: Is it possible to include the legacy provider in libcrypt.a?
Somewhat long version below.
As a background of the question I'm using OpenSSL with Erlang/OTP [1] on Linux
and want to static link OpenSSL library. With OpenSSL 1.1.1, it works nice,
but I couldn't make it work well with OpenSSL 3.0.1.
Build steps:
curl -LO https://www.openssl.org/source/openssl-3.0.1.tar.gz
tar xvfz openssl-3.0.1.tar.gz
cd openssl-3.0.1
./config --prefix=$HOME/local/openssl-3.0.1 no-shared
make -j && make install_sw
After Building Erlang/OTP with it and moving $HOME/local/openssl-3.0.1/lib64 to
$HOME/tmp, my (Erlang) code fails at OSSL_PROVIDER_load(NULL, "legacy"):
https://github.com/erlang/otp/blob/OTP-25.0-rc1/lib/crypto/c_src/crypto.c#L224
What I found are:
- there are two library files under $HOME/local/openssl-3.0.1/lib64, libcrypt.a
and ossl-modules/legacy.so, and
- if I pass the environment variable OPENSSL_MODULES=$HOME/tmp in
launching Erlang,
all work well.
https://github.com/openssl/openssl/blob/b19fcc66d382357617744690dc3363947de2cb6f/doc/man3/OSSL_PROVIDER.pod
So, copying legacy.so and adding an environment variable can be an option.
Before going with the option, I want to confirm whether including legacy in
libcrypt.a in possible or not.
[1] https://www.erlang.org/
Thanks in advance!
Shino