[openssl-users] -fPIC option missing for crypto/bn/x86_64-gcc.c and some other files in 1.0.2l that exists in 1.0.1m & 1.1.0c

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Jun 2 14:58:12 UTC 2017


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Bill Smith
> Sent: Friday, June 02, 2017 08:11
> 
> Looking at the openssl build output, sure enough, it's missing -fPIC.

This is one of the reasons why we use our own Configure script for OpenSSL. When we update to a new OpenSSL release, we diff its Configure against the one from the previous release, and decide whether we need to make corresponding edits to our own Configure. We also document what we've changed in our own Configure.

It looks like you're building OpenSSL into archive libraries that you then intend to link statically into your own shared objects. That's what my teams do as well. OpenSSL's Configure wants to either build OpenSSL itself as shared objects, or build archive libraries that aren't suitable for use in shared objects (i.e. lack -fPIC or whatever the local toolchain's equivalent is). At least that's the way it was back when we forked Configure in some 1.0.1 release, and we've continued to use our own Configure since.

It's not ideal, but in practice updating our Configure when we get a new OpenSSL 1.0.2 release has been trivial - it hardly takes any more time than downloading the tarball and checking the signature, and certainly much less than building and testing on all of the platforms we support.

And OpenSSL is still far less trouble for us than, say, OpenLDAP.

Michael Wojcik 
Distinguished Engineer, Micro Focus 





More information about the openssl-users mailing list