rpath is not the best solution here IMO - if the dependency is moved or removed 
(or replaced with a wrong SO in the right path, maybe even maliciously) from 
the system haproxy will still fail to load. I personally simply statically link 
OpenSSL into the HAProxy executable, which makes it portable and independent of 
OS SO configuration or paths. In order to statically link OpenSSL, simply build 
it without shared library support (no-shared) and then relink haproxy against 
it with the same SSL_INC and SSL_LIB. 

If you still want to use rpath, I believe you can add it with ADDLIB variable:

make  TARGET=linux-glibc ... ADDLIB="-rpath /opt/prod/openssl111c/lib64"

Bob

-----Original Message-----
From: hal...@xsmail.com <hal...@xsmail.com> 
Sent: Wednesday, July 17, 2019 12:32 PM
To: Aleksandar Lazic <al-hapr...@none.at>
Cc: Zakharychev, Bob <bob.zakharyc...@spirent.com>; haproxy@formilux.org
Subject: Re: haproxy 2.0.0 build openssl version mismatch?

On Wed, Jul 17, 2019, at 9:13 AM, Aleksandar Lazic wrote:
> 
> Can you try to adopt your system to the openssl path as I in the dockerfile.
> 
> https://gitlab.com/aleks001/haproxy20-centos/blob/master/Dockerfile#L3
> 7
> 
> ```
>  echo "/opt/prod/openssl111c/lib64" > 
> /etc/ld.so.conf.d/openssl-111c.conf \  && ldconfig -v \  ```

ldconfig additions/changes are system-wide, and local environment specific -- 
and subject to end-user override.

does haproxy simply support rpath -- which correctly solves the linking problem 
in the distributed package by hardcoding the specified/intended runtine path -- 
like most other packages?

e.g., all rpath'd &/or config-managed build/installs,

        ldd `which nginx` | egrep "ssl|crypto"
                libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 
(0x00007f24ae9f6000)
                libcrypto.so.1.1 => 
/opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f24ae4f0000)
        ldd `which php` | egrep "ssl|crypto"
                libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 
(0x00007f4c1533a000)
                libcrypto.so.1.1 => 
/opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f4c14e34000)
        ldd `which mariadb` | egrep "ssl|crypto"
                libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 
(0x00007feb8998a000)
                libcrypto.so.1.1 => 
/opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007feb89484000)
        ldd `which named` | egrep "ssl|crypto"
                libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 
(0x00007f539d468000)
                libcrypto.so.1.1 => 
/opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f539cf62000)
        ldd `which openvpn` | egrep "ssl|crypto"
            libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 
(0x00007fd1d891b000)
            libcrypto.so.1.1 => /opt/prod/openssl111c/lib64/libcrypto.so.1.1 
(0x00007fd1d8415000)
        ldd `which curl` | egrep "ssl|crypto"
                libssl.so.1.1 => /opt/prod/openssl111c/lib64/libssl.so.1.1 
(0x00007f5085647000)
                libcrypto.so.1.1 => 
/opt/prod/openssl111c/lib64/libcrypto.so.1.1 (0x00007f5085149000)
        etc etc

none of which need ldconfig.

Reply via email to