httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <>
Subject Re: Linking mod_ssl with a specific OpenSSL version
Date Wed, 08 Aug 2012 06:00:25 GMT
On 06.08.2012 23:36, Rainer Jung wrote:
> On 05.08.2012 10:10, Kaspar Brand wrote:
>> It's a useful enhancement if mod_ssl can be linked with a specific
>> OpenSSL version in a non-default location, but the current approach has
>> at least one problem, AFAICT: it will only work if the directory pointed
>> to by --with-ssl does not include shared libraries for OpenSSL (by
>> default, OpenSSL only builds libssl.a and libcrypto.a, so the issue
>> might not be obvious at first sight).
> Why wouldn't it work with shared libs? Because they usually have 
> dependencies themselves that are ignored?

Sorry, "will only work" is inaccurate... what I was (implicitly)
assuming is that the OpenSSL build directory would not be part of the
standard library search path - i.e., unless LD_LIBRARY_PATH is adapted,
httpd won't find the proper libraries at startup.

Forcing the linker to prefer the static over the shared libraries in a
particular directory (like I tried in the preliminary patch with the
"-Wl,-Bstatic,-lssl,-lcrypto,-Bdynamic" linker options) turns out to be
too linker/platform specific, however - I have abandoned this idea
meanwhile. I'm not sure what to really do about it... perhaps add the
OpenSSL builddir with "-R" and leave the rest to libtool?

>>> I would suggest to use a separate
>>> configure argument to support this build option, e.g. --with-ssl-srcdir.
> We could, but I think if it would be easy to just add the logic to 
> with-ssl to also work with a src directory it would be easier to use. I 
> have no strong opinion on this though.

My thinking was that people should explicitly tell configure that they
want to link with the libs in a build directory (so that they don't
"accidentally" use a directory which might only temporarily exist -
that's also the primary reason for preferring the static over the shared
libs from that dir).

> I do like the idea to give with-ssl priority over pkgconfig. If a user 
> chooses the ssl directory explicitly that should not be overwritten by 
> pkgconfig. Of course one can still use pkgconfig info in the chosen 
> directory to find dependency libs etc.

OpenSSL doesn't have any further dependencies, AFAICT (cf. and the
"Requires: " line it adds to openssl.pc). Are you referring to the
--libs-only-other option for pkg-config?


View raw message