Errors building 1.1.1 on RHEL 7

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jul 17 19:41:40 UTC 2019 

On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default
search path), and especially when you're linking with other libraries that
in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
1.1.1 in your application requires care...

> On Jul 17, 2019, at 2:22 PM, Mark Richter <mrichter at solarflare.com> wrote:
> 
> However, although I modified our make file to use '-I/usr/local/openssl/include' and '-L/usr/local/openssl/lib', I now see this warning:
> 
> cc -DLOG_LEVEL=LOG_INFO -Wall -Werror -D__ci_driver__ -D__ci_ul_driver__ -D_GNU_SOURCE -DWITH_MCDI_V2 -DWITH_TLS12=0 -DSOLAR_SECURE_VERSION="1.0.3.1020 (3bf2875895d5+ Wed Jul 17 11:14:55 PDT 2019)" -Isrc/include -I/usr/local/openssl/include -Isrc/tools/mc-comms -Isrc/tools/mc-comms/include -Isrc/emulators/mbedtls/include -I/usr/include/json-c   -g3 -fno-omit-frame-pointer build/src/tools/sfslc.o -o build/bin/sfslc -Lbuild/lib -L/usr/local/openssl/lib  -lsfsl_api -lsf_core -lcm -lss -lcrypto  -lpci -lcurl -lpthread -lrt -lssl -luuid -ljson-c
> /usr/bin/ld: warning: libssl.so.10, needed by /usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1
> /usr/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1

Specifically:

  1. Choose some location that is not on the default library search path
     to install the 1.1.1 custom libraries.  I use /opt/openssl/1.1/lib

  2. Configure your OpenSSL build to use the corresponding "rpath":
     -Wl,-rpath,/opt/openssl/1.1/lib

  3. Add a custom target platform to the "targets" array in
     Configurations/<some-file>.conf.  This can inherit from
     the configuration you're using now, but add a setting
     for "shlib_variant" as described in Configurations/README

	...
	inherit_from => "<your platform>",
	shlib_variant => "-opt",
	...

  4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
     or similar for the custom target platorm.  Make sure that the
     SONAME and symbol versions contain the "-opt" or "_OPT" tweak.

  5. Link your application against this library:

	-I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib -Wl,-rpath,/opt/openssl/1.1/lib

  6.  Check with "readelf -d" that the application records the expected SONAME
      for the OpenSSL library (libcrypto and/or libssl) dependencies.

You can now have your code using OpenSSL 1.1.1 and other libraries you use,
using whichever OpenSSL they were compiled with.  However, you cannot pass
OpenSSL objects you create into such libraries, their use of OpenSSL must
be self-contained.

-- 
	Viktor.

More information about the openssl-users mailing list