[openssl-users] -fPIC option missing for crypto/bn/x86_64-gcc.c and some other files in 1.0.2l that exists in 1.0.1m & 1.1.0c

Bill Smith bsmith at progress.com
Fri Jun 9 01:45:11 UTC 2017 

Thanks for the info.  It turns out that we had customized the configure script but the person who did it didn't document it correctly.  Once I got that sorted out, I was able to build it correctly.

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Michael Wojcik
Sent: Friday, June 02, 2017 10:58 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] -fPIC option missing for crypto/bn/x86_64-gcc.c and some other files in 1.0.2l that exists in 1.0.1m & 1.1.0c

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On 
> Behalf Of Bill Smith
> Sent: Friday, June 02, 2017 08:11
> 
> Looking at the openssl build output, sure enough, it's missing -fPIC.

This is one of the reasons why we use our own Configure script for OpenSSL. When we update to a new OpenSSL release, we diff its Configure against the one from the previous release, and decide whether we need to make corresponding edits to our own Configure. We also document what we've changed in our own Configure.

It looks like you're building OpenSSL into archive libraries that you then intend to link statically into your own shared objects. That's what my teams do as well. OpenSSL's Configure wants to either build OpenSSL itself as shared objects, or build archive libraries that aren't suitable for use in shared objects (i.e. lack -fPIC or whatever the local toolchain's equivalent is). At least that's the way it was back when we forked Configure in some 1.0.1 release, and we've continued to use our own Configure since.

It's not ideal, but in practice updating our Configure when we get a new OpenSSL 1.0.2 release has been trivial - it hardly takes any more time than downloading the tarball and checking the signature, and certainly much less than building and testing on all of the platforms we support.

And OpenSSL is still far less trouble for us than, say, OpenLDAP.

Michael Wojcik
Distinguished Engineer, Micro Focus 



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list