On Sun, May 04, 2014 at 11:59:55PM +0100, Matt Caswell wrote:

> > As far as I understand if you want to have both -lssl -lcrypto you
> > should use "openssl" instead of "libssl"?
> >
> > Anyway, I think this makes perfect sense and if things break it's
> > easy enough to fix it.
>
> I'd be interested to hear what other people think about this. I have
> to say I was in two minds about it.

The OpenSSL documentation does not indicate which "-l" option provides a
particular function. Here are some of the more commonly used whose
"origin" is not necessarily obvious:

* OPENSSL_malloc(), OPENSSL_free() are in libcrypto.

* The thread callbacks are in libcrypto.

* The tmp_dh and tmp_ecdh callbacks in SSL require applications to use
  libcrypto to construct appropriate objects for the callback. Without
  these, no server-side PFS support.

* ERR_get_error() is in libcrypto, needed for error reporting.

* OpenSSL_add_ssl_algorithms() is SSL_library_init from libssl; users
  who want SHA2 in OpenSSL 0.9.8 are advised to also call
  OpenSSL_add_all_algorithms() from libcrypto.

* SSLeay() is from libcrypto, used to sanity check or log version of
  either library at run-time. Provided by libcrypto.

* RAND_seed() is in libcrypto.

* SSL applications that perform certificate name checks (should be
  most) need X509 interfaces from libcrypto. Even if one only logs the
  peer subject name or computes the certificate digest, that's
  libcrypto. Setting up automatic name checks in the new 1.0.2 API may
  still require libcrypto.

I can dig up more reasons why few realistic applications can get by with
explicit linkage to libssl alone. Since even those that only directly
drag in symbols from libssl still ultimately depend on libcrypto, the
cost of explicitly including -lcrypto seems to me to be outweighed by
the benefit of making life easier for users by always providing both.

What is the motivation to attempt to avoid "-lcrypto" here?

--
	Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
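
An added example, not part of the original message or of OpenSSL: one way to check which "-l" flags an object needs by matching its undefined symbols against each library's export list. The function names, the `.exports` file convention and all symbol lists are assumptions constructed for illustration, following the symbol origins listed in the message above.

```shell
#!/bin/sh
# Added example; every symbol list here is a constructed sample, not nm output.
# Real lists could come from: nm -u app.o | awk '{print $NF}'
#                        and: nm -D --defined-only libssl.so | awk '{print $NF}'

# symbol_origin UNDEF_FILE LIB.exports...
# Prints "<symbol> <lib>" per symbol in UNDEF_FILE; <lib> is the basename of
# the first export list defining it, or "unresolved" if none does.
symbol_origin() {
    undef=$1; shift
    awk -v undef="$undef" '
        BEGIN { while ((getline s < undef) > 0) if (s != "") origin[s] = "unresolved" }
        {
            lib = FILENAME; sub(/.*\//, "", lib); sub(/\.exports$/, "", lib)
            if (($1 in origin) && origin[$1] == "unresolved") origin[$1] = lib
        }
        END { for (s in origin) print s, origin[s] }
    ' "$@" | sort
}

# link_flags UNDEF_FILE LIB.exports...
# Prints -l flags for the libraries referenced directly, in the order the
# export lists were given (pass libssl before libcrypto).
link_flags() {
    origins=$(symbol_origin "$@")
    shift
    flags=
    for f in "$@"; do
        lib=$(basename "$f" .exports)
        if printf '%s\n' "$origins" | grep -q " $lib\$"; then
            flags="$flags -l${lib#lib}"
        fi
    done
    echo "${flags# }"
}

# make_sample DIR: write the constructed lists (hypothetical TLS client).
make_sample() {
    printf '%s\n' SSL_library_init SSL_CTX_new SSL_connect \
        ERR_get_error RAND_seed X509_NAME_oneline SSLeay > "$1/app.undef"
    printf '%s\n' SSL_library_init SSL_CTX_new SSL_connect > "$1/libssl.exports"
    printf '%s\n' ERR_get_error RAND_seed X509_NAME_oneline SSLeay \
        > "$1/libcrypto.exports"
}

d=$(mktemp -d)
make_sample "$d"
symbol_origin "$d/app.undef" "$d/libssl.exports" "$d/libcrypto.exports"
link_flags "$d/app.undef" "$d/libssl.exports" "$d/libcrypto.exports"
rm -rf "$d"
```

The check only reports direct references; an object that resolves entirely against libssl still depends on libcrypto through libssl itself.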