[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Wed Sep 21 19:39:13 UTC 2016

The branch OpenSSL_1_1_0-stable has been updated
       via  f757ce2a3df9c16c2ddbf83bf1725f6a89bccade (commit)
      from  1fdeda4cc994845998c9f017d300e6aecc7b5128 (commit)

- Log -----------------------------------------------------------------
commit f757ce2a3df9c16c2ddbf83bf1725f6a89bccade
Author: Andy Polyakov <appro at openssl.org>
Date:   Thu Sep 1 21:36:13 2016 +0200

    Configure: clarify and refine -static.
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 047d97afd97520eae268f6d8a36fbf9a0239a994)


Summary of changes:
 Configure | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/Configure b/Configure
index e919066..04efe67 100755
--- a/Configure
+++ b/Configure
@@ -66,6 +66,22 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through
+# -static       while -static is also a pass-through compiler option (and
+#               as such is limited to environments where it's actually
+#               meaningful), it triggers a number configuration options,
+#               namely no-dso, no-pic, no-shared and no-threads. It is
+#               argued that the only reason to produce statically linked
+#               binaries (and in context it means executables linked with
+#               -static flag, and not just executables linked with static
+#               libcrypto.a) is to eliminate dependency on specific run-time,
+#               a.k.a. libc version. The mentioned config options are meant
+#               to achieve just that. Unfortunately on Linux it's impossible
+#               to eliminate the dependency completely for openssl executable
+#               because of getaddrinfo and gethostbyname calls, which can
+#               invoke dynamically loadable library facility anyway to meet
+#               the lookup requests. For this reason on Linux statically
+#               linked openssl executable has rather debugging value than
+#               production quality.
 # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
 #		provided to stack calls. Generates unique stack functions for
@@ -715,6 +731,7 @@ foreach (@argvcopy)
 		elsif (/^-static$/)
 			$libs.=$_." ";
+			$disabled{"dso"} = "forced";
 			$disabled{"pic"} = "forced";
 			$disabled{"shared"} = "forced";
 			$disabled{"threads"} = "forced";

More information about the openssl-commits mailing list