Well, IMHO shared libs are better because
(...as long as the API for OpenSSL does not change, which it should not...)
1) Executables using them are smaller (instead of x Megs, one has x Ks)
2) You can replace the shared libs (i.e. upgrade) without recompiling
and (generally) without ill effects as long as you tell the runtime
loader where the shared libs are found (keyword ldconfig, one should
not use LD_LIBRARY_PATH if possible)
You are right that in case of static linking, you can replace the libs
without effect at all - but that is exactly what one does NOT want in
case of an upgrade - one wants to take some profit out of the upgrade
w/o having to recompile everything (like in the 70s)
Go for shared except in case of special apps (e.g. tripwire IDS)
Best regards,
-- David Tonhofer
--On Thursday, September 19, 2002 9:04 AM -0400 Thomas Gagne
<[EMAIL PROTECTED]> wrote:
> I need to build apache w/ssl on a separate box from the server. It would
> *seem* to me to be better to link the web server against static ssl
> libraries than shared ones for two reasons:
>
> 1. it's easier to distributed (fewer dependencies)
> 2. it *feels* safer - the ssl so can't be modified underneath Apache
>
> When I built it with 0.9.6d in August I don't remember having to move the
> libraries. Regardless, now after building it with 0.9.6g the only way it
> works is linking with *shared* ssl libraries.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
