[openssl-users] OpenSSL and RPATH's (was: Cannot find SSL_CTX_get0_param in libssl library)
Jeffrey Walton
noloader at gmail.com
Sun May 28 21:51:04 UTC 2017
On Sun, May 28, 2017 at 5:31 PM, Salz, Rich <rsalz at akamai.com> wrote:
>> The openssl program will use the wrong libssl.so and libcrypto.so.
>
> Yes, got it.
>
> But that's small potatoes compared to everyone else finding the wrong shared library, and just saying "use rpath" doesn't help all those others.
OK, thanks.
So what are the problems here that need to be addressed? I think I
know some of them:
1. Build OpenSSL with an RPATH if installed in non-system location
2. Build user program with an RPATH if OpenSSL installed in non-system location
3. Use another mechanism when Linux RATH not available (OS X, Solaris, friends)
4. External build tools like Autotools and Cmake
Are there others?
OpenSSL build system should fix problem (1), like it does with BSDs.
The project should lead by example.
For (2) and (3), I think the best that can be done is (a) lead by
example as in (1); (b) ensure things like libcrypto.pc and libssl.pc
are up-to-date; and and (c) educate users. I realize the problems with
(c). If RTFM was going to work, then it would have happens in the last
50 years or so.
There's not much you can do with(4). They pick shitty flags, and they
are always going to be a problem. I advise *not* to build OpenSSL with
them, but Fan Boi's will still flock to them.
Jeff
More information about the openssl-users
mailing list