httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@links.org>
Subject Re: Linking mod_ssl with a specific OpenSSL version (Re: svn commit: r1358167 - in /httpd/httpd/trunk: acinclude.m4 modules/ssl/ssl_engine_init.c)
Date Wed, 08 Aug 2012 11:41:00 GMT
On Sun, Aug 5, 2012 at 1:10 AM, Kaspar Brand <httpd-dev.2012@velox.ch> wrote:
> On 08.07.2012 10:30, Kaspar Brand wrote:
>> On 06.07.2012 14:41, ben@apache.org wrote:
>>> Author: ben
>>> Date: Fri Jul  6 12:41:10 2012
>>> New Revision: 1358167
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1358167&view=rev
>>> Log:
>>> Work correctly with a development version of OpenSSL. I suspect
>>> something similar is needed when there are two OpenSSL installations,
>>> one in a default location.
>
> I had another look at this, since it has been proposed for backporting
> to 2.4 in the meantime, and still think the following is true:
>
>> If I'm understanding correctly, then this
>> patch tries to support building against an OpenSSL source tree (or
>> perhaps a build directory where only "make libs" has been executed)?
>
> (should have read "make build_libs" instead)
>
> It's a useful enhancement if mod_ssl can be linked with a specific
> OpenSSL version in a non-default location, but the current approach has
> at least one problem, AFAICT: it will only work if the directory pointed
> to by --with-ssl does not include shared libraries for OpenSSL (by
> default, OpenSSL only builds libssl.a and libcrypto.a, so the issue
> might not be obvious at first sight).

Hmm! This worked for me with shared libraries. Strange.

>> I would suggest to use a separate
>> configure argument to support this build option, e.g. --with-ssl-srcdir.
>
> I gave it a try, see the attached "work-in-progress" patch. While we're
> at it, I think we should also fix a flaw in the handling of the
> --with-ssl argument: in
> http://svn.apache.org/viewvc?view=revision&revision=730926, acinclude.m4
> was modified to always give pkg-config precedence over any argument
> specified through --with-ssl. While the rationale for this change
> becomes clear from the commit log, I consider it an unfortunate side
> effect that pkg-config always trumps any --with-ssl directory argument.
>
> My suggestion would be to handle OpenSSL paths in configure arguments
> like this, instead:
>
> 1) use --with-ssl-builddir for linking with the static OpenSSL libraries
> in that directory (and ignore --with-ssl in this case)
>
> 2) use --with-ssl for linking against an installed version of OpenSSL
>
> 3) use pkg-config to locate OpenSSL
>
> Does that sound like a reasonable proposal? Comments welcome, and test
> feedback would be much appreciated (remember to run "buildconf" after
> applying the patch to acinclude.m4, and before calling configure).

Sounds OK to me.

>
> Kaspar
>

Mime
View raw message