[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Andy Polyakov
appro at openssl.org
Wed Sep 21 19:39:13 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via f757ce2a3df9c16c2ddbf83bf1725f6a89bccade (commit)
from 1fdeda4cc994845998c9f017d300e6aecc7b5128 (commit)
- Log -----------------------------------------------------------------
commit f757ce2a3df9c16c2ddbf83bf1725f6a89bccade
Author: Andy Polyakov <appro at openssl.org>
Date: Thu Sep 1 21:36:13 2016 +0200
Configure: clarify and refine -static.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 047d97afd97520eae268f6d8a36fbf9a0239a994)
-----------------------------------------------------------------------
Summary of changes:
Configure | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/Configure b/Configure
index e919066..04efe67 100755
--- a/Configure
+++ b/Configure
@@ -66,6 +66,22 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
+# -static while -static is also a pass-through compiler option (and
+# as such is limited to environments where it's actually
+# meaningful), it triggers a number configuration options,
+# namely no-dso, no-pic, no-shared and no-threads. It is
+# argued that the only reason to produce statically linked
+# binaries (and in context it means executables linked with
+# -static flag, and not just executables linked with static
+# libcrypto.a) is to eliminate dependency on specific run-time,
+# a.k.a. libc version. The mentioned config options are meant
+# to achieve just that. Unfortunately on Linux it's impossible
+# to eliminate the dependency completely for openssl executable
+# because of getaddrinfo and gethostbyname calls, which can
+# invoke dynamically loadable library facility anyway to meet
+# the lookup requests. For this reason on Linux statically
+# linked openssl executable has rather debugging value than
+# production quality.
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
# provided to stack calls. Generates unique stack functions for
@@ -715,6 +731,7 @@ foreach (@argvcopy)
elsif (/^-static$/)
{
$libs.=$_." ";
+ $disabled{"dso"} = "forced";
$disabled{"pic"} = "forced";
$disabled{"shared"} = "forced";
$disabled{"threads"} = "forced";
More information about the openssl-commits
mailing list