[openssl-users] OpenSSL and RPATH's

PGNet Dev pgnet.dev at gmail.com
Wed May 31 15:11:31 UTC 2017 

On 5/31/17 3:16 AM, Wouter Verhelst wrote:
> On 30-05-17 18:12, PGNet Dev wrote:
> [...]
>> with lots of apps still not at all v110
>> compatible, or at best broken in their attempts, having local builds of
>> both v110x and v102x is extremely useful -- and RPATH'ing makes that
>> trivially manageable.
> 
> That's exactly my point -- you don't need to use RPATH to handle that
> (very common) case. You just need to link against the correct .so file
> at compile time (which can be handled by installing them in separate
> directories and using -L to specify which one to link to); the runtime
> dynamic linker will then find a v1.1 version of OpenSSL for applications
> compiled against 1.1.0x, or a v1.0.2 version for applications compiled
> against 1.0.2x. It's that simple.
> 
> RPATH is useful if the SONAME is the same but the libraries aren't, for
> whatever reason (e.g., local patches). Other than that, you don't need
> it, 

Not quite.

System Install
	ls -al /usr/lib64/lib{ssl,crypto}.*
		lrwxrwxrwx 1 root root 25 Feb 16 16:54 /usr/lib64/libcrypto.so -> /lib64/libcrypto.so.1.0.0*
		lrwxrwxrwx 1 root root 22 Feb 16 16:54 /usr/lib64/libssl.so -> /lib64/libssl.so.1.0.0*
	ldd /usr/lib64/libssl.so | egrep "ssl|crypto"
		libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007f390d0eb000)

Local Install
	ls -al /usr/local/openssl10/lib64/lib{ssl,crypto}.*
		-rw-r--r--+ 1 root root 4.7M May 30 08:38 /usr/local/openssl10/lib64/libcrypto.a
		lrwxrwxrwx  1 root root   18 May 30 08:38 /usr/local/openssl10/lib64/libcrypto.so -> libcrypto.so.1.0.0*
		-r-xr-xr-x+ 1 root root 2.9M May 30 08:38 /usr/local/openssl10/lib64/libcrypto.so.1.0.0*
		-rw-r--r--+ 1 root root 737K May 30 08:38 /usr/local/openssl10/lib64/libssl.a
		lrwxrwxrwx  1 root root   15 May 30 08:38 /usr/local/openssl10/lib64/libssl.so -> libssl.so.1.0.0*
		-r-xr-xr-x+ 1 root root 503K May 30 08:38 /usr/local/openssl10/lib64/libssl.so.1.0.0*
	ldd /usr/local/openssl10/lib64/libssl.so | egrep "ssl|crypto"
		libcrypto.so.1.0.0 => /usr/local/openssl10/lib64/libcrypto.so.1.0.0 (0x00007f3bcd526000)

Local Install
	ls -al /usr/local/openssl11/lib64/lib{ssl,crypto}.*
		-rw-r--r--+ 1 root root 4.9M May 30 08:50 /usr/local/openssl11/lib64/libcrypto.a
		lrwxrwxrwx  1 root root   16 May 30 08:50 /usr/local/openssl11/lib64/libcrypto.so -> libcrypto.so.1.1*
		-rwxr-xr-x+ 1 root root 3.0M May 30 08:50 /usr/local/openssl11/lib64/libcrypto.so.1.1*
		-rw-r--r--+ 1 root root 745K May 30 08:50 /usr/local/openssl11/lib64/libssl.a
		lrwxrwxrwx  1 root root   13 May 30 08:50 /usr/local/openssl11/lib64/libssl.so -> libssl.so.1.1*
		-rwxr-xr-x+ 1 root root 509K May 30 08:50 /usr/local/openssl11/lib64/libssl.so.1.1*
	ldd /usr/local/openssl11/lib64/libssl.so | egrep "ssl|crypto"
		libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007f4be3d5d000)

etc ...

> and it's generally a bad idea.

And, IMO, that's just bad advice.  RPATH is perfectly fine, and this^ is exactly what it exists for.  Feel free to use it or not, but don't FUD perfectly legitimate functionality as a 'bad idea'.

More information about the openssl-users mailing list