Re: OpenSMTPD build on OpenSSL 1.1.x

Wed, 28 Aug 2019 00:55:55 -0700 

On 28/08/2019 10:44, gil...@poolp.org wrote:

28 août 2019 00:00 "Reio Remma" <r...@mrstuudio.ee> a écrit:


On 27.08.2019 21:25, Richard Narron wrote:


The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD
works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2
It took me a while to get it to work though.
I first downloaded the "current" portable version from
https://opensmtpd.org/archives/opensmtpd-6.4.2p1.tar.gz
And I got errors very similar to those of Denis Fateyev on Fedora 30.
Next I downloaded the portable version from github.com
and found that autoconf had not been run and this was no good.
Finally I discovered the post on the mailing list which mentioned the
"bootstrap" script and then I was able to download and build the portable
version from git.
The code shows version "6.6.0-portable".
It runs fine on Slackware64 current and I'm happy that it now works with
OpenSSL 1.1
Regards,
Richard Narron

Your success pushed me to try 6.6.0 on CentOS 7 with OpenSSL 1.1.1c.

Can anyone tell me if changing to -lcrypto -lssl to -l:libssl.a -l:libcrypto.a 
is the correct way
to get OpenSSL 1.1.1c statically compiled into OpenSMTPD? I ended up using 
these (and -pthreads
-ldl) and managed to build an RPM based on 6.0.3 RPM from CentOS 7.


I don't know about the -l:lib notation sorry

Out of curiosity, why would you want ssl statically compiled into OpenSMTPD ?
This means that when an issue hits OpenSSL, updating OpenSSL and restarting the 
daemon will not be
enough to be back on track.

In addition, I'm not sure why you need -pthreads because OpenSMTPD is not 
multi-threaded.


Hello!
CentOS 7 has OpenSSL 1.0.2k as the max version and with OpenSSL 1.1.1c compiled into OpenSMTPD I can run the new OpenSMTPD version on a machine with CentOS 7's old OpenSSL version.
I had to add -pthreads and -ldl to pass 'make' with the static OpenSSL libraries. Without these I ran into errors hinting at threads and dl.
I'm a little wary of just forcibly replacing the whole OpenSSL 1.0.2k on a production machine. :) 

Thanks!
Reio

Reply via email to