ok, that's basically what I did to get it working too. I'm still doing some testing but so far it's working as expected and using openssl 1.0.1e on a redhat 5.x system.
I ended up configuring openssl with "no-dso" which seems to make it statically link to its dependencies and not need to pull -ldl into the haproxy build. Not sure what other impacts that has though. Thanks for the pointers! -Bryan On Fri, May 10, 2013 at 5:24 PM, Lukas Tribus <[email protected]> wrote: > Hi Bryan, > > > > What's required to build haproxy and statically link with openssl libs > > like can be done with pcre? > > The following procedure will install a static build of latest openssl > in a directory of your choice without interfering with your OS headers > and libraries: > > > export LIBSSLBUILD=/tmp/libsslbuild > > mkdir $LIBSSLBUILD > > cd ~ > > wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz > > tar zxvf openssl-1.0.1e.tar.gz > > cd openssl-1.0.1e && > > ./config --prefix=$LIBSSLBUILD no-shared > > make > > make install_sw > > > Then build haproxy by pointing to the proper path: > > make TARGET=linux2628 USE_OPENSSL=1 ADDINC=-I$LIBSSLBUILD/include \ > > ADDLIB="-L$LIBSSLBUILD/lib -ldl" > > OpenSSL depends on libdl, so we need pass -ldl along. > > > When everything is compiled, checkout your openssl version (use a > snapshot from Apr 27th or younger to see build and runtime > openssl version). Both should say 1.0.1e in our case. Also check with > ldd; it should not show any openssl libraries loaded dynamically. > > > lukas@ubuntuvm:~/haproxy$ ./haproxy -vv | grep OpenSSL > > Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 > > Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 > > OpenSSL library supports TLS extensions : yes > > OpenSSL library supports SNI : yes > > OpenSSL library supports prefer-server-ciphers : yes > > lukas@ubuntuvm:~/haproxy$ ldd haproxy > > linux-gate.so.1 => (0xb76e4000) > > libcrypt.so.1 => /lib/i386-linux-gnu/libcrypt.so.1 (0xb76ab000) > > libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb76a6000) > > libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb74fb000) > > /lib/ld-linux.so.2 (0xb76e5000) > > lukas@ubuntuvm:~/haproxy$ > > > > Regards, > > Lukas
