Errors building 1.1.1 on RHEL 7

Mark Richter mrichter at solarflare.com
Thu Jul 18 00:54:51 UTC 2019 

I'm still really new at this - a few questions:

-----Original Message-----
From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Viktor Dukhovni
Sent: Wednesday, July 17, 2019 12:42 PM
To: openssl-users at openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7

On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default search path), and especially when you're linking with other libraries that in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL
1.1.1 in your application requires care...

Specifically:

  1. Choose some location that is not on the default library search path
     to install the 1.1.1 custom libraries.  I use /opt/openssl/1.1/lib
> How do I specify that?  A config parameter (and which one)?

  2. Configure your OpenSSL build to use the corresponding "rpath":
     -Wl,-rpath,/opt/openssl/1.1/lib
> Again, how do I specify that?

  3. Add a custom target platform to the "targets" array in
     Configurations/<some-file>.conf.  This can inherit from
     the configuration you're using now, but add a setting
     for "shlib_variant" as described in Configurations/README

...
inherit_from => "<your platform>",
shlib_variant => "-opt",
...
> I can find that...

  4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
     or similar for the custom target platorm.  Make sure that the
     SONAME and symbol versions contain the "-opt" or "_OPT" tweak.
> Not familiar with that tweak.

  5. Link your application against this library:

-I/opt/openssl/1.1/include -L/opt/openssl/1.1/lib -Wl,-rpath,/opt/openssl/1.1/lib
> Can do.

  6.  Check with "readelf -d" that the application records the expected SONAME
      for the OpenSSL library (libcrypto and/or libssl) dependencies.
> Can do.

You can now have your code using OpenSSL 1.1.1 and other libraries you use, using whichever OpenSSL they were compiled with.  However, you cannot pass OpenSSL objects you create into such libraries, their use of OpenSSL must be self-contained.

--
Viktor.

The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.

More information about the openssl-users mailing list