[openssl-dev] how to static compile ssl engine into openssl

Thu Oct 12 02:53:13 UTC 2017

> On 26 Sep 2017, at 18:13, 程文平 <chengwenping1 at jd.com <mailto:chengwenping1 at jd.com>> wrote:
> 
> There is some more info.
> 
> https://github.com/01org/QAT_Engine/issues/9 <https://github.com/01org/QAT_Engine/issues/9>

Interesting. This issue was created by me last year, seems some people still struggling with combination of NGINX+OpenSSL+QAT.

Our solution is just to build OpenSSL dynamically with NGINX (although usually most Chinese companies I know like to build OpenSSL statically with NGINX).

> 
> -----邮件原件-----
> 发件人: 程文平 
> 发送时间: 2017年9月26日 17:43
> 收件人: openssl-dev at openssl.org <mailto:openssl-dev at openssl.org>
> 主题: 答复: [openssl-dev] how to static compile ssl engine into openssl
> 
> Hi Richard,
> 
> 	Thanks for your response. From your meaning, the QAT engine codes is not applicable for static compile into openssl.
> 	Yes, I should keep to run nginx using shared OpenSSL libraries with dynamic QAT engines installed, until QAT engine static compiling is support.
> 
> 	Thank,
> 
> 	Nick Cheng
> -----邮件原件-----
> 发件人: openssl-dev [mailto:openssl-dev-bounces at openssl.org <mailto:openssl-dev-bounces at openssl.org>] 代表 Richard Levitte
> 发送时间: 2017年9月26日 13:32
> 收件人: openssl-dev at openssl.org <mailto:openssl-dev at openssl.org>
> 主题: Re: [openssl-dev] how to static compile ssl engine into openssl
> 
> In message <31F771DF13463A429610AEEBF6AFAE820182EBC4 at mbx14.360buyAD.local <mailto:31F771DF13463A429610AEEBF6AFAE820182EBC4 at mbx14.360buyAD.local>> on Mon, 25 Sep 2017 10:16:28 +0000, 程文平 <chengwenping1 at jd.com <mailto:chengwenping1 at jd.com>> said:
> 
> chengwenping1> I’m working on accelerating ssl traffic with Intel QAT 
> chengwenping1> card, now openssl 1.1.0f is integrated into Nginx, so I 
> chengwenping1> need to static compile Intel QAT engine into openssl, and 
> chengwenping1> I do not find some useful info about it from Internet, 
> chengwenping1> although openssl-1.1.0f/engines/ build.info <http://build.info/>, it is not 
> chengwenping1> applicable from QAT engine from 
> chengwenping1> https://github.com/01org/QAT_Engine <https://github.com/01org/QAT_Engine>. Is there a guide 
> chengwenping1> line for this case?
> 
> Unforatunately, there is no such guide that I know of.  I just had a look in e_qat.c, and there seems to be support for doing that there (see the sections guarded by OPENSSL_NO_DYNAMIC_ENGINES), but I can't see any way to make use of that in their configuration.
> 
> If this is what you really want, I suggest you create an issue in the QAT_Engine project...  but you probably need to understand that you may not get what you want, and if you do, it's probably going to be an unsupported hack.
> 
> chengwenping1> There is another alternative to do it, just to alone 
> chengwenping1> compile openssl and nginx, but it will take effort to 
> chengwenping1> deploy it.
> 
> You mean to have nginx use the shared OpenSSL libraries, which also enables dynamic engines?  Yes, that's the usual way to go about these things.
> 
> Cheers,
> Richard
> 
> -- 
> Richard Levitte         levitte at openssl.org <mailto:levitte at openssl.org>
> OpenSSL Project         http://www.openssl.org/~levitte/ <http://www.openssl.org/~levitte/>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev <https://mta.openssl.org/mailman/listinfo/openssl-dev>
> -- 
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev <https://mta.openssl.org/mailman/listinfo/openssl-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20171012/bdc57636/attachment-0001.html>