lordgamez commented on code in PR #1925:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1925#discussion_r1983282622
##########
cmake/BundledOpenSSL.cmake:
##########
@@ -51,15 +57,12 @@ function(use_openssl SOURCE_DIR BINARY_DIR)
set(OPENSSL_EXTRA_FLAGS
no-tests # Disable tests
- no-apps # disable executables
no-capieng # disable CAPI engine (legacy)
- no-dso # disable dynamic libraries
no-docs # disable docs and manpages
no-legacy # disable legacy modules
- no-module # disable dynamically loadable engines
- no-pinshared # don't pin shared libraries in the process
memory
Review Comment:
- no-apps is removed because we need the openssl binary to be packaged with
fips
- no-dso and no-module need to be enabled for shared libraries to be loaded
in our case the fips provider which cannot be statically linked
- IMO no-pinshared should not be enabled to have the loaded fips provider
available through the lifetime of the application and avoid the accidental
unloading of the fips shared library
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
