httpd-dev.2012 at velox
Aug 5, 2012, 1:10 AM
On 08.07.2012 10:30, Kaspar Brand wrote:
Linking mod_ssl with a specific OpenSSL version (Re: svn commit: r1358167 - in /httpd/httpd/trunk: acinclude.m4 modules/ssl/ssl_engine_init.c)
> On 06.07.2012 14:41, ben [at] apache wrote:
>> Author: ben
>> Date: Fri Jul 6 12:41:10 2012
>> New Revision: 1358167
>> URL: http://svn.apache.org/viewvc?rev=1358167&view=rev
>> Work correctly with a development version of OpenSSL. I suspect
>> something similar is needed when there are two OpenSSL installations,
>> one in a default location.
I had another look at this, since it has been proposed for backporting
to 2.4 in the meantime, and still think the following is true:
> If I'm understanding correctly, then this
> patch tries to support building against an OpenSSL source tree (or
> perhaps a build directory where only "make libs" has been executed)?
(should have read "make build_libs" instead)
It's a useful enhancement if mod_ssl can be linked with a specific
OpenSSL version in a non-default location, but the current approach has
at least one problem, AFAICT: it will only work if the directory pointed
to by --with-ssl does not include shared libraries for OpenSSL (by
default, OpenSSL only builds libssl.a and libcrypto.a, so the issue
might not be obvious at first sight).
> I would suggest to use a separate
> configure argument to support this build option, e.g. --with-ssl-srcdir.
I gave it a try, see the attached "work-in-progress" patch. While we're
at it, I think we should also fix a flaw in the handling of the
--with-ssl argument: in
was modified to always give pkg-config precedence over any argument
specified through --with-ssl. While the rationale for this change
becomes clear from the commit log, I consider it an unfortunate side
effect that pkg-config always trumps any --with-ssl directory argument.
My suggestion would be to handle OpenSSL paths in configure arguments
like this, instead:
1) use --with-ssl-builddir for linking with the static OpenSSL libraries
in that directory (and ignore --with-ssl in this case)
2) use --with-ssl for linking against an installed version of OpenSSL
3) use pkg-config to locate OpenSSL
Does that sound like a reasonable proposal? Comments welcome, and test
feedback would be much appreciated (remember to run "buildconf" after
applying the patch to acinclude.m4, and before calling configure).