2 existing openssls conflicting in FreeBSD 14
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Mar 7 22:37:45 UTC 2024
On Wed, Mar 06, 2024 at 09:03:00PM -0700, The Doctor via openssl-users wrote:
> The first I have seen this
>
> /usr/local/bin/openssl version -a
> ld-elf.so.1: /usr/lib/libssl.so.3: version OPENSSL_3.2.0 required by /usr/local/bin/openssl not found
It seems that you're trying to build your own custom OpenSSL on a
FreeBSD system. The most robust way to do that is to use the
"shlib_variant" feature of the OpenSSL build. For example, I have
added a custom build configuration file:
$ cat Configurations/99-viktor.conf
my %targets = (
"linux-x86_64-rpk" => {
inherit_from => [ "linux-x86_64" ],
shlib_variant => "rpk",
},
"BSD-x86_64-rpk" => {
inherit_from => [ "BSD-x86_64" ],
shlib_variant => "rpk",
},
);
which I then use to build OpenSSL in a sibling directory of the source
tree as follows:
../openssl/Configure --prefix=/usr/local/siteexec -Wl,-R,/usr/local/siteexec/lib BSD-x86_64-rpk
[ Choose a "shlib_variant" tag that more accurately reflects your needs. ]
Which, after "make; make test; make install" results in:
$ ldd /usr/local/siteexec/bin/openssl
/usr/local/siteexec/bin/openssl:
libsslrpk.so.3 => /usr/local/siteexec/lib/libsslrpk.so.3 (0x325a52fb2000)
libcryptorpk.so.3 => /usr/local/siteexec/lib/libcryptorpk.so.3 (0x325a537a0000)
libthr.so.3 => /lib/libthr.so.3 (0x325a546ad000)
libc.so.7 => /lib/libc.so.7 (0x325a5525a000)
[vdso] (0x7ffffffff5d0)
$ readelf -d /usr/local/siteexec/bin/openssl | grep -E 'RUNPATH|NEEDED'
0x000000000000001d RUNPATH Library runpath: [/usr/local/siteexec/lib]
0x0000000000000001 NEEDED Shared library: [libsslrpk.so.3]
0x0000000000000001 NEEDED Shared library: [libcryptorpk.so.3]
0x0000000000000001 NEEDED Shared library: [libthr.so.3]
0x0000000000000001 NEEDED Shared library: [libc.so.7]
$ readelf -d /usr/local/siteexec/lib/libssl.so | grep -E 'RUNPATH|NEEDED|SONAME'
0x000000000000001d RUNPATH Library runpath: [/usr/local/siteexec/lib]
0x0000000000000001 NEEDED Shared library: [libcryptorpk.so.3]
0x0000000000000001 NEEDED Shared library: [libthr.so.3]
0x0000000000000001 NEEDED Shared library: [libc.so.7]
0x000000000000000e SONAME Library soname: [libsslrpk.so.3]
$ readelf -d /usr/local/siteexec/lib/libsslrpk.so.3 | grep -E 'RUNPATH|NEEDED|SONAME'
0x000000000000001d RUNPATH Library runpath: [/usr/local/siteexec/lib]
0x0000000000000001 NEEDED Shared library: [libcryptorpk.so.3]
0x0000000000000001 NEEDED Shared library: [libthr.so.3]
0x0000000000000001 NEEDED Shared library: [libc.so.7]
0x000000000000000e SONAME Library soname: [libsslrpk.so.3]
... similar results for libcrypto / libcryptorpk ...
$ /usr/local/siteexec/bin/openssl version -a
OpenSSL 3.2.2-dev (Library: OpenSSL 3.2.2-dev )
built on: Thu Feb 1 22:06:50 2024 UTC
platform: BSD-x86_64-rpk
options: bn(64,64)
compiler: cc -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -Wall -O3 -DL_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
OPENSSLDIR: "/usr/local/siteexec/ssl"
ENGINESDIR: "/usr/local/siteexec/lib/engines-3"
MODULESDIR: "/usr/local/siteexec/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x29c6fbf
Then, for example, when I build Postfix against this libssl, I use:
OSSL=/usr/local/siteexec
OSSL_LDFLAGS="-Wl,-R,$OSSL/lib -L$OSSL/lib -lssl -lcrypto"
OSSL_CFLAGS="-I$OSSL/include"
make -f Makefile.init openssl_path=/usr/local/sitexec/bin/openssl \
"CCARGS=$OSSL_CFLAGS "'-DUSE_TLS ...' \
"AUXLIBS=$OSSL_LDFLAGS "'...' \
...
making sure to use:
- The relevant custom include directory,
- The relevant custom lib directory
- The relevant RUNPATH (-Wl,-R,...)
--
Viktor.
More information about the openssl-users
mailing list