[openssl-dev] how to static compile ssl engine into openssl
Richard Levitte
levitte at openssl.org
Tue Sep 26 05:32:06 UTC 2017
In message <31F771DF13463A429610AEEBF6AFAE820182EBC4 at mbx14.360buyAD.local> on Mon, 25 Sep 2017 10:16:28 +0000, 程文平 <chengwenping1 at jd.com> said:
chengwenping1> I’m working on accelerating ssl traffic with Intel QAT
chengwenping1> card, now openssl 1.1.0f is integrated into Nginx, so I
chengwenping1> need to static compile Intel QAT engine into openssl,
chengwenping1> and I do not find some useful info about it from
chengwenping1> Internet, although openssl-1.1.0f/engines/ build.info,
chengwenping1> it is not applicable from QAT engine from
chengwenping1> https://github.com/01org/QAT_Engine. Is there a guide
chengwenping1> line for this case?
Unforatunately, there is no such guide that I know of. I just had a
look in e_qat.c, and there seems to be support for doing that there
(see the sections guarded by OPENSSL_NO_DYNAMIC_ENGINES), but I can't
see any way to make use of that in their configuration.
If this is what you really want, I suggest you create an issue in the
QAT_Engine project... but you probably need to understand that you
may not get what you want, and if you do, it's probably going to be an
unsupported hack.
chengwenping1> There is another alternative to do it, just to alone
chengwenping1> compile openssl and nginx, but it will take effort to
chengwenping1> deploy it.
You mean to have nginx use the shared OpenSSL libraries, which also
enables dynamic engines? Yes, that's the usual way to go about these
things.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list