Re: Building CURL with OpenSSL
Date: Fri, 21 Feb 2020 05:10:37 -0500
On Thu, Feb 20, 2020 at 3:41 PM Daniel Stenberg via curl-library
> On Thu, 20 Feb 2020, Jason Proctor via curl-library wrote:
> > I see that Curl has a configure option for pointing it at an OpenSSL
> > installation, but so far I have been unable to make this work. With the
> > latest versions of both packages, and OpenSSL successfully built and
> > installed, the Curl configure step can't find the (perfectly good and fine)
> > OpenSSL installation.
> > Questions - is this mechanism still supported? Are there known good versions
> > of Curl and OpenSSL which do this dance successfully? Is there another route
> > from Curl to OpenSSL built from source?
> It is very much supported. I use it myself very frequently and we have CI
> builds using it.
> 1. build OpenSSL
> ./config enable-tls1_3 --prefix=/home/daniel/build-openssl
> make install
Use Daniel's suggestion here, too. OpenSSL will load the wrong shared
objects at runtime without a RPATH or RUNPATH. ldd on libssl.so should
show the wrong libcrypto.so being loaded.
> 2. build curl
> LDFLAGS="-Wl,-rpath,$HOME/build-openssl/lib" \
> ./configure --with-ssl=$HOME/build-openssl
If available, use -Wl,--enable-new-dtags. The new-dtags sets a RUNPATH
(as opposed to a RPATH). RUNPATHs allow LD_LIBRARY_PATH overrides at
runtime, RPATHS do not.
$ readelf -d /usr/local/lib64/libssl.so | grep -E 'RPATH|RUNPATH'
0x000000000000001d (RUNPATH) Library runpath:
Another useful trick is to use $ORIGIN so the binaries can be moved
around on the filesystem. So LDFLAGS might look include this:
-Wl,-R,'$$ORIGIN/../lib64' -Wl,-R,/usr/local/lib64 -Wl,--enable-new-dtags
The double-$ escapes the dollar sign in the makefile. If you are
manually building from the command line you only need a single-$.
Received on 2020-02-21