[stunnel-users] [BUG] SSL directory scan breaks cross-compilation

Michal Trojnara Michal.Trojnara at mirt.net
Mon Nov 3 17:29:11 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Spencer wrote:
> Michal Trojnara wrote:
>> John Spencer wrote:
>> 
>>> the concept of searching for a library directory is completely 
>>> broken. if just adding -lssl -lcrypto to LDFLAGS doesnt find
>>> the openssl libraries at link time, the user's compiler
>>> toolchain is wrongly set up, and its not the job of a package
>>> to work around that by searching through a number of
>>> directories. it's the user's job to fix his toolchain by
>>> supplying the right -L paths in case he's got his library
>>> installed in a non-standard location.
>> 
>> So is the concept of installing headers by default in 
>> /usr/local/ssl/include rather than /usr/local/include...
> 
> who does that ?

OpenSSL does.  This is the default directory.  8-)

> either way, if a user installed a custom ssl version into
> $prefix/local instead of the default prefix, he will definitely not
> expect that the configure script will detect his non-standard local
> version and use it automatically.

In fact stunnel only searches *standard* directories used by various
port systems.  It may happen that a users chose those same directory,
but this is not why I wrote this detection loop.

> but in general, openssl needs no special include dirs, no special 
> CFLAGS, and works by just adding "-lssl -lcrypto -lz" to the
> linker command line (the -lz covers static linking as openssl
> depends on zlib). from C code it's supposed to be used like: 
> #include <openssl/ssl.h> i.e. referencing the openssl dir in the
> standard include dir. no need to add any fancy -I references for
> the preprocessing.

This is an interesting observation.  Now do you usually build OpenSSL
on platforms that do not have it pre-packaged?

- From the OpenSSL "INSTALL" file:

#  Quick Start
#  -----------
#
#  If you want to just get on with it, do:
#
#   $ ./config
#   $ make
#   $ make test
#   $ make install
#
#  [If any of these steps fails, see section Installation in Detail
below.]
#
#  This will build and install OpenSSL in the default location, which
is (for
#  historical reasons) /usr/local/ssl. If you want to install it
anywhere else,
#  run config like this:
#
#   $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl

> interesting. i'm seeing this "-I=" usage the first time. do you
> have a reference explaining it ?

man gcc

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRXrVcACgkQ/NU+nXTHMtEvWACffe0VgvUqzxqKn2RiRDPIhJS+
lPUAn1E/4el6GUyKMjM76Jx2SAjXjDlR
=491t
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list