Re: A new workaround for bug 3816: ssl_crtd crash with OpenSSL v...

From: Tsantilas Christos <chtsanti_at_users.sourceforge.net>
Date: Tue, 14 May 2013 17:09:04 +0300

On 05/14/2013 03:00 PM, Amos Jeffries wrote:
> On 14/05/2013 11:13 p.m., Tsantilas Christos wrote:
>> On 05/14/2013 12:52 PM, Amos Jeffries wrote:
>> Currently, after squid build, the system admin have to update the ld.so
>> configuration or set LD_LIBRARY_PATH to load the correct openSSL
>> libraries.
>
> That is what I mean. If they have to do that then we are not setting
> CPPFLAGS quite right. They should only have to build --with-openssl=X to
> use the X library installation. Nothing else special.
>
>> This is also for Kerveros, LDAP libraries, XML libraries, and expat
>> libraries. Probably this is requires a separate patch fixing all of
>> these...
>
> Yes I think we are missing a while pile of potential -Wl,-rpath=X
> settings which our ./configure.ac should be adding when relevant.

For squid binaries we have not to use the (dangerous) -Wl,-rpath=X
option to compiler but just pass the "-rpath X" to libtool. The libtool
knows how to handle this parameter.

The scheme we need to follow is the following:
- In configure.ac script we need to store the library directory. For
example for openSSL library path:
 SSLLIBDIR="$with_openssl/lib"
 AC_SUBST(SSLLIBDIR)

- In Makefile.am set the _LDFLAGS parameter, for binaries. For example
for squid:
squid_LDFLAGS = -export-dynamic -dlopen force -rpath $(SSLLIBDIR)
Received on Tue May 14 2013 - 14:09:23 MDT

This archive was generated by hypermail 2.2.0 : Tue May 14 2013 - 12:00:09 MDT