Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Building CURL with OpenSSL

From: Jeffrey Walton via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 21 Feb 2020 05:10:37 -0500

On Thu, Feb 20, 2020 at 3:41 PM Daniel Stenberg via curl-library
<curl-library_at_cool.haxx.se> wrote:
>
> On Thu, 20 Feb 2020, Jason Proctor via curl-library wrote:
>
> > I see that Curl has a configure option for pointing it at an OpenSSL
> > installation, but so far I have been unable to make this work. With the
> > latest versions of both packages, and OpenSSL successfully built and
> > installed, the Curl configure step can't find the (perfectly good and fine)
> > OpenSSL installation.
> >
> > Questions - is this mechanism still supported? Are there known good versions
> > of Curl and OpenSSL which do this dance successfully? Is there another route
> > from Curl to OpenSSL built from source?
>
> It is very much supported. I use it myself very frequently and we have CI
> builds using it.
>
> 1. build OpenSSL
>
> ./config enable-tls1_3 --prefix=/home/daniel/build-openssl
> make
> make install

Use Daniel's suggestion here, too. OpenSSL will load the wrong shared
objects at runtime without a RPATH or RUNPATH. ldd on libssl.so should
show the wrong libcrypto.so being loaded.

> 2. build curl
>
> LDFLAGS="-Wl,-rpath,$HOME/build-openssl/lib" \
> ./configure --with-ssl=$HOME/build-openssl

If available, use -Wl,--enable-new-dtags. The new-dtags sets a RUNPATH
(as opposed to a RPATH). RUNPATHs allow LD_LIBRARY_PATH overrides at
runtime, RPATHS do not.

$ readelf -d /usr/local/lib64/libssl.so | grep -E 'RPATH|RUNPATH'
 0x000000000000001d (RUNPATH) Library runpath:
[$ORIGIN/../lib64:/usr/local/lib64]

Another useful trick is to use $ORIGIN so the binaries can be moved
around on the filesystem. So LDFLAGS might look include this:

     -Wl,-R,'$$ORIGIN/../lib64' -Wl,-R,/usr/local/lib64 -Wl,--enable-new-dtags

The double-$ escapes the dollar sign in the makefile. If you are
manually building from the command line you only need a single-$.

Jeff
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-02-21