curl-library

Re: recompiling curl to NOT use system openssl

From: Brian Dessent <brian_at_dessent.net>
Date: Fri, 05 Sep 2008 14:13:14 -0700

Brian Dessent wrote:

> IIRC pkg-config has a facility to differentiate between the two with
> e.g. --libs and --static-libs or however they spell it. You should
> check openssl's .pc file to see if this is set up properly, in which case
> it should be possible to set LIBS via "pkg-config openssl --static-libs"
> or however it's spelled.

Well, after checking, they don't provide this, so never mind. And
thinking about it, they (i.e. openssl) probably want to discourage
static linking because it's considered a real faux pas to statically
link security libraries. The conventional wisdom is that when there are
vulnerabilities in security software you want to have one central copy
of the (shared) library to upgrade, fixing all apps on the system at
once. When the library has been statically linked into executables it
becomes much harder to hunt down all these instances and recompile them,
which effectively means that they are never upgraded and suffer with
security vulnerabilities in perpetuity.

Brian
Received on 2008-09-05
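
Added example, not part of the original mail or of curl/OpenSSL: a heuristic scanner for the "hunt down all these instances" problem described above. It flags ELF files other than the shared libcrypto/libssl that carry their own OpenSSL version banner. It assumes the banner string that libcrypto embeds survives in the binary; the file names and bytes in build_sample_tree are constructed sample data.

```python
import os
import re
import tempfile

# Version banner compiled into libcrypto, e.g. "OpenSSL 0.9.8h 28 May 2008".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")
ELF_MAGIC = b"\x7fELF"
SHARED_LIB = re.compile(r"^lib(crypto|ssl)\.so")

def embedded_openssl_versions(path):
    """Return the sorted OpenSSL versions whose banner appears in an ELF file."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(ELF_MAGIC):
        return []  # not an ELF object: scripts, docs, etc. are ignored
    return sorted({m.group(1).decode() for m in BANNER.finditer(data)})

def find_static_copies(root):
    """Map path -> versions for ELF files under root that embed their own copy."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip the central shared copy (fixed by a package upgrade) and non-regular files.
            if SHARED_LIB.match(name) or os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                versions = embedded_openssl_versions(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if versions:
                hits[path] = versions
    return hits

def build_sample_tree(root):
    """Write constructed sample files (not real binaries) for the demo."""
    samples = {
        "libcrypto.so.0.9.8": ELF_MAGIC + b"\0OpenSSL 0.9.8h 28 May 2008\0",
        "curl-static": ELF_MAGIC + b"\0pad\0OpenSSL 0.9.8g 19 Oct 2007\0",
        "curl-shared": ELF_MAGIC + b"\0libssl.so.0.9.8\0",
        "notes.txt": b"OpenSSL 0.9.8g 19 Oct 2007",
    }
    for name, blob in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, versions in sorted(find_static_copies(tmp).items()):
            print(path, versions)
```

A hit means the binary must be rebuilt against a fixed OpenSSL; upgrading the shared library will not touch it. Stripped or vendored builds may drop or alter the banner, so an empty result is not proof of absence.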