Confusion Configuring

Dr. Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Sat Dec 18 08:55:44 UTC 2021


Hal,

I just reread your initial post and noticed that my explanation is somewhat inconsistent
with your observations, since in your case the system openssl prints the expected path.

Nevertheless, using

    util/wrap.pl apps/openssl  ...

is the correct way to test your self-built application. And with the given information,
you should be able to figure out what precisely happens in your original case using
ldd an/or strace.

Matthias


> -----Original Message-----
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Dr. Matthias St. Pierre
> Sent: Saturday, December 18, 2021 9:20 AM
> To: Hal Murray <halmurray+openssl at sonic.net>; openssl-users at openssl.org
> Subject: RE: Confusion Configuring
>
> For OpenSSL 3.0, it's better to use  util/wrap.pl instead.
>
> (Note: util/wrap.pl is created from util/wrap.pl.in by the Configure command)
>
> > -----Original Message-----
> > From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Dr. Matthias St. Pierre
> > Sent: Saturday, December 18, 2021 9:11 AM
> > To: Hal Murray <halmurray+openssl at sonic.net>; openssl-users at openssl.org
> > Subject: RE: Confusion Configuring
> >
> > Hal,
> >
> > > But when I run
> > >   ./apps/openssl version -d
> > > it says:
> > >   OPENSSLDIR: "/usr/local/ssl"
> > > I was expecting /etc/pki/tls from the Configure line above.
> > >
> > > What am I missing?  How do I tell it where to find the default certificates?
> >
> > It is very likely that your binary is actually loading the system's shared libraries instead of
> > the ones you just compiled. You can verify whether this using the `ldd` command, see below.
> >
> > There is a shared library wrapper called `shlib_wrap.sh` which can be used to run
> > the compiled application correctly without installing it:
> >
> > ## incorrect (without wrapper)
> > msp at msppc:~/src/openssl-1.1.1$ apps/openssl version -d
> > OPENSSLDIR: "/etc/ssl"
> >
> > ## correct (using the wrapper)
> > msp at msppc:~/src/openssl-1.1.1$ util/shlib_wrap.sh apps/openssl version -d
> > OPENSSLDIR: "/opt/openssl-1.1.1-dev/ssl"
> >
> > HTH,
> >
> > Matthias
> >
> >
> >
> >
> > ## ldd output without wrapper
> >
> > msp at msppc:~/src/openssl-1.1.1$ ldd apps/openssl
> >         linux-vdso.so.1 (0x00007fff05b81000)
> >         libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007f6e46ade000)
> >         libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f6e46820000)
> >         libdl.so.2 => /lib64/libdl.so.2 (0x00007f6e4681a000)
> >         libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6e467fa000)
> >         libc.so.6 => /lib64/libc.so.6 (0x00007f6e46641000)
> >         /lib64/ld-linux-x86-64.so.2 (0x00007f6e46c5d000)
> >
> > ## ldd output using the wrapper
> >
> > msp at msppc:~/src/openssl-1.1.1$ util/shlib_wrap.sh ldd apps/openssl
> >         linux-vdso.so.1 (0x00007ffd2032e000)
> >         libssl.so.1.1 => util/../libssl.so.1.1 (0x00007f4a34aeb000)
> >         libcrypto.so.1.1 => util/../libcrypto.so.1.1 (0x00007f4a347a2000)
> >         libdl.so.2 => /lib64/libdl.so.2 (0x00007f4a34785000)
> >         libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4a34765000)
> >         libc.so.6 => /lib64/libc.so.6 (0x00007f4a345ac000)
> >         /lib64/ld-linux-x86-64.so.2 (0x00007f4a34c78000)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7448 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211218/bc9e4727/attachment.bin>


More information about the openssl-users mailing list