rpath is not the best solution here IMO - if the dependency is moved or removed (or replaced with a wrong SO in the right path, maybe even maliciously) from the system haproxy will still fail to load. I personally simply statically link OpenSSL into the HAProxy executable, which makes it portable and independent of OS SO configuration or paths. In order to statically link OpenSSL, simply build it without shared library support (no-shared) and then relink haproxy against it with the same SSL_INC and SSL_LIB.
If you still want to use rpath, I believe you can add it with ADDLIB variable: make TARGET=linux-glibc ... ADDLIB="-rpath /opt/prod/openssl111c/lib64" Bob -----Original Message----- From: [email protected] <[email protected]> Sent: Wednesday, July 17, 2019 12:32 PM To: Aleksandar Lazic <[email protected]> Cc: Zakharychev, Bob <[email protected]>; [email protected] Subject: Re: haproxy 2.0.0 build openssl version mismatch? On Wed, Jul 17, 2019, at 9:13 AM, Aleksandar Lazic wrote: > > Can you try to adopt your system to the openssl path as I in the dockerfile. > > https://gitlab.com/aleks001/haproxy20-centos/blob/master/Dockerfile#L3 > 7 > > ``` > echo "/opt/prod/openssl111c/lib64" > > /etc/ld.so.conf.d/openssl-111c.conf \ && ldconfig -v \ ``` ldconfig additions/changes are system-wide, and local environment specific -- and subject to end-user override. does haproxy simply support rpath -- which correctly solves the linking problem in the distributed package by hardcoding the specified/intended runtine path -- like most other packages? e.g., all rpath'd &/or config-managed build/installs, ldd `which nginx` | egrep "ssl|crypto" libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 (0x00007f24ae9f6000) libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f24ae4f0000) ldd `which php` | egrep "ssl|crypto" libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 (0x00007f4c1533a000) libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f4c14e34000) ldd `which mariadb` | egrep "ssl|crypto" libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 (0x00007feb8998a000) libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007feb89484000) ldd `which named` | egrep "ssl|crypto" libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 (0x00007f539d468000) libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f539cf62000) ldd `which openvpn` | egrep "ssl|crypto" libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 (0x00007fd1d891b000) libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007fd1d8415000) ldd `which curl` | egrep "ssl|crypto" libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 (0x00007f5085647000) libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f5085149000) etc etc none of which need ldconfig.
