Errors building 1.1.1 on RHEL 7
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jul 19 02:54:13 UTC 2019
> On Jul 18, 2019, at 2:57 PM, Mark Richter <mrichter at solarflare.com> wrote:
>
> Also, once I figure out the build issues, how can I statically link the ssl libraries into my app? (That way we don't require our customers to build and install OpenSSL 1.1.1 pon their RHEL 7 hosts.) Are there any gotchas to doing this? E.g., our app also uses the curl library, which I believe uses the default openssl on the host.
Static linking has much worse library version conflicts than
dynamic linking if you're delivering a library, or if your
application will run on systems where the C-library (perhaps
through nsswitch modules) also loads the default OpenSSL.
You lose the isolation made possible by symbol versioning
with dynamic libraries.
If you want to ship code to users to deploy on their own
systems you should generally use whichever OpenSSL is
in the base platform. To deliver a custom OpenSSL,
for your application only, you'll need to build a
shlib_variant shared library and perhaps make its
location flexible using $ORIGIN in the dependent's
run path.
--
Viktor.
More information about the openssl-users
mailing list