[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Tue Jun 26 10:29:13 UTC 2018 

The branch master has been updated
       via  2c879241baaf9115e8ebbe228e1a624564eea64c (commit)
      from  32f803d88ec3df7f95dfbf840c271f7438ce3357 (commit)


- Log -----------------------------------------------------------------
commit 2c879241baaf9115e8ebbe228e1a624564eea64c
Author: Andy Polyakov <appro at openssl.org>
Date:   Fri Jun 22 14:13:59 2018 +0200

    NOTES.UNIX: add "Linking your application" paragraph
    
    ... and mention more runtime search path flags.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6587)

-----------------------------------------------------------------------

Summary of changes:
 NOTES.UNIX | 44 +++++++++++++++++++++++++++++++++++---------
 1 file changed, 35 insertions(+), 9 deletions(-)

diff --git a/NOTES.UNIX b/NOTES.UNIX
index 284da10..6c291cb 100644
--- a/NOTES.UNIX
+++ b/NOTES.UNIX
@@ -24,12 +24,12 @@
  Every Unix system has its own set of default locations for shared
  libraries, such as /lib, /usr/lib or possibly /usr/local/lib.  If
  libraries are installed in non-default locations, dynamically linked
- binaries will not find them and therefore fail to run unless they get a
- bit of help from a defined runtime shared library search path.
+ binaries will not find them and therefore fail to run, unless they get
+ a bit of help from a defined runtime shared library search path.
 
  For OpenSSL's application (the 'openssl' command), our configuration
  scripts do NOT generally set the runtime shared library search path for
- you.  It's therefore advisable to set it explicitly when configuring
+ you.  It's therefore advisable to set it explicitly when configuring,
  unless the libraries are to be installed in directories that you know
  to be in the default list.
 
@@ -42,14 +42,15 @@
  Possible options to set the runtime shared library search path include
  the following:
 
-    -Wl,-rpath,/whatever/path
-    -R /whatever/path
-    -rpath /whatever/path
+    -Wl,-rpath,/whatever/path	# Linux, *BSD, etc.
+    -R /whatever/path		# Solaris
+    -Wl,-R,/whatever/path	# AIX (-bsvr4 is passed internally)
+    -Wl,+b,/whatever/path	# HP-UX
+    -rpath /whatever/path	# Tru64, IRIX
 
  OpenSSL's configuration scripts recognise all these options and pass
- them to the Makefile that they build.  (In fact, it recognises anything
- starting with '-Wl,' as a linker option, so for example, HP-UX'
- '-Wl,+b,/whatever/path' would be used correctly)
+ them to the Makefile that they build. (In fact, all arguments starting
+ with '-Wl,' are recognised as linker options.)
 
  Please do not use verbatim directories in your runtime shared library
  search path!  Some OpenSSL config targets add an extra directory level
@@ -89,3 +90,28 @@
 
     $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
         '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
+
+ It might be worth noting that some/most ELF systems implement support
+ for runtime search path relative to the directory containing current
+ executable, by interpreting $ORIGIN along with some other internal
+ variables. Consult your system documentation.
+
+ Linking your application
+ ------------------------
+
+ Third-party applications dynamically linked with OpenSSL (or any other)
+ shared library face exactly the same problem with non-default locations.
+ The OpenSSL config options mentioned above might or might not have bearing
+ on linking of the target application. "Might" means that under some
+ circumstances it would be sufficient to link with OpenSSL shared library
+ "naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are
+ also cases when you'd have to explicitly specify runtime search path
+ when linking your application. Consult your system documentation and use
+ above section as inspiration...
+
+ Shared OpenSSL builds also install static libraries. Linking with the
+ latter is likely to require special care, because linkers usually look
+ for shared libraries first and tend to remain "blind" to static OpenSSL
+ libraries. Referring to system documentation would suffice, if not for
+ a corner case. On AIX static libraries (in shared build) are named
+ differently, add _a suffix to link with them, e.g. -lcrypto_a.

More information about the openssl-commits mailing list