2 existing openssls conflicting in FreeBSD 14

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 7 22:37:45 UTC 2024


On Wed, Mar 06, 2024 at 09:03:00PM -0700, The Doctor via openssl-users wrote:

> The first I have seen this
> 
> /usr/local/bin/openssl version -a
> ld-elf.so.1: /usr/lib/libssl.so.3: version OPENSSL_3.2.0 required by /usr/local/bin/openssl not found

It seems that you're trying to build your own custom OpenSSL on a
FreeBSD system.  The most robust way to do that is to use the
"shlib_variant" feature of the OpenSSL build.  For example, I have
added a custom build configuration file:

    $ cat Configurations/99-viktor.conf
    my %targets = (
        "linux-x86_64-rpk" => {
            inherit_from     => [ "linux-x86_64" ],
            shlib_variant    => "rpk",
        },
        "BSD-x86_64-rpk" => {
            inherit_from     => [ "BSD-x86_64" ],
            shlib_variant    => "rpk",
        },
    );

which I then use to build OpenSSL in a sibling directory of the source
tree as follows:

    ../openssl/Configure --prefix=/usr/local/siteexec -Wl,-R,/usr/local/siteexec/lib BSD-x86_64-rpk

[ Choose a "shlib_variant" tag that more accurately reflects your needs. ]

Which, after "make; make test; make install" results in:

    $ ldd /usr/local/siteexec/bin/openssl
    /usr/local/siteexec/bin/openssl:
            libsslrpk.so.3 => /usr/local/siteexec/lib/libsslrpk.so.3 (0x325a52fb2000)
            libcryptorpk.so.3 => /usr/local/siteexec/lib/libcryptorpk.so.3 (0x325a537a0000)
            libthr.so.3 => /lib/libthr.so.3 (0x325a546ad000)
            libc.so.7 => /lib/libc.so.7 (0x325a5525a000)
            [vdso] (0x7ffffffff5d0)

    $ readelf -d /usr/local/siteexec/bin/openssl | grep -E 'RUNPATH|NEEDED'
     0x000000000000001d RUNPATH              Library runpath: [/usr/local/siteexec/lib]
     0x0000000000000001 NEEDED               Shared library: [libsslrpk.so.3]
     0x0000000000000001 NEEDED               Shared library: [libcryptorpk.so.3]
     0x0000000000000001 NEEDED               Shared library: [libthr.so.3]
     0x0000000000000001 NEEDED               Shared library: [libc.so.7]

    $ readelf -d /usr/local/siteexec/lib/libssl.so | grep -E 'RUNPATH|NEEDED|SONAME'
     0x000000000000001d RUNPATH              Library runpath: [/usr/local/siteexec/lib]
     0x0000000000000001 NEEDED               Shared library: [libcryptorpk.so.3]
     0x0000000000000001 NEEDED               Shared library: [libthr.so.3]
     0x0000000000000001 NEEDED               Shared library: [libc.so.7]
     0x000000000000000e SONAME               Library soname: [libsslrpk.so.3]

    $ readelf -d /usr/local/siteexec/lib/libsslrpk.so.3 | grep -E 'RUNPATH|NEEDED|SONAME'
     0x000000000000001d RUNPATH              Library runpath: [/usr/local/siteexec/lib]
     0x0000000000000001 NEEDED               Shared library: [libcryptorpk.so.3]
     0x0000000000000001 NEEDED               Shared library: [libthr.so.3]
     0x0000000000000001 NEEDED               Shared library: [libc.so.7]
     0x000000000000000e SONAME               Library soname: [libsslrpk.so.3]

    ... similar results for libcrypto / libcryptorpk ...

    $ /usr/local/siteexec/bin/openssl version -a
    OpenSSL 3.2.2-dev  (Library: OpenSSL 3.2.2-dev )
    built on: Thu Feb  1 22:06:50 2024 UTC
    platform: BSD-x86_64-rpk
    options:  bn(64,64)
    compiler: cc -fPIC -pthread -Wa,--noexecstack -Qunused-arguments -Wall -O3 -DL_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
    OPENSSLDIR: "/usr/local/siteexec/ssl"
    ENGINESDIR: "/usr/local/siteexec/lib/engines-3"
    MODULESDIR: "/usr/local/siteexec/lib/ossl-modules"
    Seeding source: os-specific
    CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x29c6fbf

Then, for example, when I build Postfix against this libssl, I use:

    OSSL=/usr/local/siteexec
    OSSL_LDFLAGS="-Wl,-R,$OSSL/lib -L$OSSL/lib -lssl -lcrypto"
    OSSL_CFLAGS="-I$OSSL/include"

    make -f Makefile.init openssl_path=/usr/local/sitexec/bin/openssl \
        "CCARGS=$OSSL_CFLAGS "'-DUSE_TLS ...' \
        "AUXLIBS=$OSSL_LDFLAGS "'...' \
        ...

making sure to use:

    - The relevant custom include directory,
    - The relevant custom lib directory
    - The relevant RUNPATH (-Wl,-R,...)

-- 
    Viktor.


More information about the openssl-users mailing list