чт, 4 нояб. 2021 г. в 18:58, Willy Tarreau <w...@1wt.eu>: > Hi Shawn, > > On Wed, Nov 03, 2021 at 10:56:02AM -0600, Shawn Heisey wrote: > > On 11/3/21 9:25 AM, ???? ??????? wrote: > > > you either need to specify LD_LIBRARY_PATH or add rpath during link, > > > here's example how to use rpath via ADDLIB haproxy/.travis.yml at > > > 57610c694e56a6b0d55bf42f1170bad93b7b3297 · haproxy/haproxy (github.com) > < > https://github.com/haproxy/haproxy/blob/57610c694e56a6b0d55bf42f1170bad93b7b3297/.travis.yml#L68-L85 > > > > > > > > I can't tell how to actually use that for my setup from the highlighted > > lines in that github page. > > > > Everything I have seen says that haproxy's build system is ignoring the > > SSL_INC and SSL_LIB settings I told it to use, and autodetecting the > openssl > > in /usr/local. > > > > But even if I am wrong about that, I did work out how to achieve my > goals. > > I built openssl with --prefix=/usr/local/ssl3 and made a symlink for its > > "openssl" binary to /usr/local/bin/ossl. I get to have the custom openssl > > installed and available with an altered command, but now haproxy's build > > system won't find it. > > Normally you just have to specify SSL_INC and SSL_LIB at build time to > specify the one you want to build with. I'm doing exactly this when I > want to build with older versions: > > $ ls -1d /opt/openssl-* > /opt/openssl-0.9.8/ > /opt/openssl-1.0.0/ > /opt/openssl-1.0.2/ > /opt/openssl-1.1.0/ > > $ make -j$(nproc) TARGET=linux-glibc USE_OPENSSL=1 \ > SSL_INC=/opt/openssl-1.0.2/include SSL_LIB=/opt/openssl-1.0.2/lib > ... > LD haproxy > $ ./haproxy -v > HAProxy version 2.5-dev12-726635-14 2021/11/03 - https://haproxy.org/ > > When used on the same machine you used to build, it's also possible to > use -rpath to store the lib's path into the executable: > > $ make -j$(nproc) TARGET=linux-glibc USE_OPENSSL=1 \ > SSL_INC=/opt/openssl-1.0.2/include \ > SSL_LIB="/opt/openssl-1.0.2/lib -Wl,-rpath=/opt/openssl-1.0.2/lib" > > $ ldd ./haproxy > linux-vdso.so.1 (0x00007ffce1ff9000) > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f5fa6f83000) > libdl.so.2 => /lib64/libdl.so.2 (0x00007f5fa6f7e000) > librt.so.1 => /lib64/librt.so.1 (0x00007f5fa6f74000) > libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5fa6f52000) > libssl.so.1.0.0 => /opt/openssl-1.0.2/lib/libssl.so.1.0.0 > (0x00007f5fa6ce2000) > libcrypto.so.1.0.0 => /opt/openssl-1.0.2/lib/libcrypto.so.1.0.0 > (0x00007f5fa689d000) > libc.so.6 => /lib64/libc.so.6 (0x00007f5fa66b6000) > /lib64/ld-linux-x86-64.so.2 (0x00007f5fa700e000) > > $ ./haproxy -vv | grep -i ssl > OPTIONS = USE_OPENSSL=1 > Feature list : +EPOLL -KQUEUE +NETFILTER -PCRE -PCRE_JIT -PCRE2 > -PCRE2_JIT +POLL +THREAD +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY > +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL -LUA > +ACCEPT4 -CLOSEFROM -ZLIB +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS > -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL -PROCCTL +THREAD_DUMP > -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING > Built with OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016 > Running on OpenSSL version : OpenSSL 1.0.2j 26 Sep 2016 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 > > There's no reason that wouldn't work for you, as it's commonly used. > I suspect you just have one option wrong (possibly missing /lib at > the end of the SSL_LIB for example). >
wow. we do not fail build if SSL_LIB points to wrong folder ? > > Willy > >
