[openssl-dev] 答复: how to static compile ssl engine into openssl

程文平 chengwenping1 at jd.com
Tue Sep 26 09:42:42 UTC 2017 

Hi Richard,

	Thanks for your response. From your meaning, the QAT engine codes is not applicable for static compile into openssl.
	Yes, I should keep to run nginx using shared OpenSSL libraries with dynamic QAT engines installed, until QAT engine static compiling is support.

	Thank,

	Nick Cheng
-----邮件原件-----
发件人: openssl-dev [mailto:openssl-dev-bounces at openssl.org] 代表 Richard Levitte
发送时间: 2017年9月26日 13:32
收件人: openssl-dev at openssl.org
主题: Re: [openssl-dev] how to static compile ssl engine into openssl

In message <31F771DF13463A429610AEEBF6AFAE820182EBC4 at mbx14.360buyAD.local> on Mon, 25 Sep 2017 10:16:28 +0000, 程文平 <chengwenping1 at jd.com> said:

chengwenping1> I’m working on accelerating ssl traffic with Intel QAT 
chengwenping1> card, now openssl 1.1.0f is integrated into Nginx, so I 
chengwenping1> need to static compile Intel QAT engine into openssl, and 
chengwenping1> I do not find some useful info about it from Internet, 
chengwenping1> although openssl-1.1.0f/engines/ build.info, it is not 
chengwenping1> applicable from QAT engine from 
chengwenping1> https://github.com/01org/QAT_Engine. Is there a guide 
chengwenping1> line for this case?

Unforatunately, there is no such guide that I know of.  I just had a look in e_qat.c, and there seems to be support for doing that there (see the sections guarded by OPENSSL_NO_DYNAMIC_ENGINES), but I can't see any way to make use of that in their configuration.

If this is what you really want, I suggest you create an issue in the QAT_Engine project...  but you probably need to understand that you may not get what you want, and if you do, it's probably going to be an unsupported hack.

chengwenping1> There is another alternative to do it, just to alone 
chengwenping1> compile openssl and nginx, but it will take effort to 
chengwenping1> deploy it.

You mean to have nginx use the shared OpenSSL libraries, which also enables dynamic engines?  Yes, that's the usual way to go about these things.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list