Hello,
On Fri, 22 Jun 2018 at 22:09, PGNet Dev <[email protected]> wrote: > > - share the openssl config line and installation commands > > gcc --version > gcc (SUSE Linux) 8.1.1 20180614 [gcc-8-branch revision 261584] > which openssl > /usr/local/openssl11/bin/openssl > openssl version > OpenSSL 1.1.0h 27 Mar 2018 > openssl version -f I meant how did you install openssl in /usr/local/openssl11? What exact config, configure and make commands? Anyway I tried it myself, this is how I was successful: - openssl: config openssl with something like: make clean; ./config --prefix=/home/lukas/libsslbuildpgnet/ -Wl,-rpath=/home/lukas/libsslbuildpgnet/lib - openssl: make && make install_sw - haproxy: use SSL_INC and SSL_LIB properly (don't prefix it with -I and -L), and append the rpath configuration to SSL_LIB, so in my case that would be SSL_INC=/home/lukas/libsslbuildpgnet/include/ SSL_LIB="/home/lukas/libsslbuildpgnet/lib -Wl,-rpath,/home/lukas/libsslbuildpgnet/lib" With that, it works for me: lukas@dev:~/haproxy-1.8$ ./haproxy -vv | grep -e HA -e "OpenSSL version" HA-Proxy version 1.8.9 2018/05/18 Built with OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018 Running on OpenSSL version : OpenSSL 1.1.0h 27 Mar 2018 lukas@dev:~/haproxy-1.8$ ldd haproxy | grep -e ssl -e crypto libssl.so.1.1 => /home/lukas/libsslbuildpgnet/lib/libssl.so.1.1 (0x00007f1621865000) libcrypto.so.1.1 => /home/lukas/libsslbuildpgnet/lib/libcrypto.so.1.1 (0x00007f16213d6000) lukas@dev:~/haproxy-1.8$ In your initial attempt where you see 2 different version (one fips, one not) there is an build issue. You probably already have openssl 1.1 in your default directories, so haproxy finds that one and somehow compiles, but that's dangerous. cheers, lukas
