[openssl-dev] Upcoming build system change

Richard Levitte levitte at openssl.org
Sat Jan 23 21:12:40 UTC 2016


In message <20160123210116.GB13479 at calimero.vinschen.de> on Sat, 23 Jan 2016 22:01:16 +0100, Corinna Vinschen <vinschen at redhat.com> said:

vinschen> On Jan 23 21:35, Kurt Roeckx wrote:
vinschen> > On Sat, Jan 23, 2016 at 09:27:58PM +0100, Corinna Vinschen wrote:
vinschen> > > 
vinschen> > > Last but not least, we have another problem with enginesdir.  To allow a
vinschen> > > rolling release cycle, we have to support multiple versions of openssl
vinschen> > > in parallel.  The problem here is that the enginesdir needs to be
vinschen> > > versioned to allow per-openssl version engines.  The build scripts don't
vinschen> > > allow for this.  Right now we're using a patch as the below one to tweak
vinschen> > > the configury to allow specifying the engines dir during build time.
vinschen> > > Would it hurt terribly to include something like the below patch?
vinschen> > 
vinschen> > In general, I would like to have a directory for the engines that
vinschen> > relates to OSSL_DYNAMIC_OLDEST.
vinschen> 
vinschen> That probably won't work for Cygwin.  The engines are linked against the
vinschen> versioned DLLs of the OpenSSL version they have been built for,  Even
vinschen> assuming binary compatibility, an engine linked against openssl-1.0 will
vinschen> pull in openssl-1.0 DLLs, even when loaded from openssl-1.1.  We have to
vinschen> keep the engines separate.

This is interesting, actually.  OSSL_DYNAMIC_OLDEST has some design
around it that's meant to permit EXACTLY that kind of mixture.  It's
in the macro IMPLEMENT_DYNAMIC_BIND_FN.  However, it's possible it's
not doing enough, and figuring out what else it needs to do is a
venture I think is worth spending some time on.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-dev mailing list