[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Sat Sep 3 08:31:26 UTC 2016

The branch master has been updated
       via  047d97afd97520eae268f6d8a36fbf9a0239a994 (commit)
      from  c1ec40ef1d9b487061f4f9e2843d4a1894f96660 (commit)

- Log -----------------------------------------------------------------
commit 047d97afd97520eae268f6d8a36fbf9a0239a994
Author: Andy Polyakov <appro at openssl.org>
Date:   Thu Sep 1 21:36:13 2016 +0200

    Configure: clarify and refine -static.
    Reviewed-by: Richard Levitte <levitte at openssl.org>


Summary of changes:
 Configure | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/Configure b/Configure
index 0a1b68a..86e30d9 100755
--- a/Configure
+++ b/Configure
@@ -66,6 +66,22 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through
+# -static       while -static is also a pass-through compiler option (and
+#               as such is limited to environments where it's actually
+#               meaningful), it triggers a number configuration options,
+#               namely no-dso, no-pic, no-shared and no-threads. It is
+#               argued that the only reason to produce statically linked
+#               binaries (and in context it means executables linked with
+#               -static flag, and not just executables linked with static
+#               libcrypto.a) is to eliminate dependency on specific run-time,
+#               a.k.a. libc version. The mentioned config options are meant
+#               to achieve just that. Unfortunately on Linux it's impossible
+#               to eliminate the dependency completely for openssl executable
+#               because of getaddrinfo and gethostbyname calls, which can
+#               invoke dynamically loadable library facility anyway to meet
+#               the lookup requests. For this reason on Linux statically
+#               linked openssl executable has rather debugging value than
+#               production quality.
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
 #		provided to stack calls. Generates unique stack functions for
@@ -715,6 +731,7 @@ foreach (@argvcopy)
 		elsif (/^-static$/)
 			$libs.=$_." ";
+			$disabled{"dso"} = "forced";
 			$disabled{"pic"} = "forced";
 			$disabled{"shared"} = "forced";
 			$disabled{"threads"} = "forced";

More information about the openssl-commits mailing list