An idea:
Would it be possible to create the shared library with the
version number before, not after the extension (.so on unix,
.dll on dos/windows etc.)?
This way Android users could have libssl.1.0.0.so and Windows
users could have ssleay64.1.0.0.DLL.
Linux/Unix users could continue with the libssl.so.1.0.0 naming scheme.
On 7/19/2012 2:17 PM, AJ wrote:
Thanks Stephen!
I still have the "multiple definitions" problem when trying to build on my Mac,
but it works fine when I build in Linux. (Maybe something in my environment).
However, now I run into a problem where my other library expects to link to the
openssl libraries with version number: libssl.so.1.0.0 and lib crypto.so.1.0.0.
The Android-NDK only handles prebuilt shared libraries which end with ".so" --
it won't package libraries with version numbers at the end of the filename.
There doesn't appear to be a good (non-hacky) way of getting around that point,
unless there is a way to get OpenSSL to build shared libraries without version
numbers:
http://stackoverflow.com/questions/11491065/linking-with-versioned-shared-library-android-ndk
http://grokbase.com/t/gg/android-ndk/124n8n4rzn/sharedlib-dependency-mixed-mode-apk
So the best option at this point would seem to going back to static build, and
getting fipsld working for the android build. Unless I am missing something.
Thanks,
AJ
----- Original Message -----
From: Dr. Stephen Henson <st...@openssl.org>
To: openssl-users@openssl.org
Cc:
Sent: Wednesday, July 18, 2012 6:55 PM
Subject: Re: FIPS: Incore fingerprint check fails on Android?
On Wed, Jul 18, 2012, AJ wrote:
This explains it -- thank you -- I was using a static library -- so I would
need to use fipsld, if I continue to use static.
However, knowing this, I wanted to try with shared OpenSSL library instead, but my build
fails on "multiple definition" errors.
The only difference I made, was to add "shared" to the config line, when
building openssl-1.0.1c:
./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ shared
make depend
make
make install
Don't use --with-fipslibdir instead use --with-fipsdir instead or you can set
the FIPSDIR environment variable while building the validated module and the
FIPS capable OpenSSL.
So you'd instead do:
./config fips --with-fipsdir=/usr/local/ssl/fips-2.0 shared
I just tried this with my setup and it worked OK.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
<call:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org