Thanks for the info. It turns out that we had customized the configure script
but the person who did it didn't document it correctly. Once I got that sorted
out, I was able to build it correctly.
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Michael Wojcik
Sent: Friday, June 02, 2017 10:58 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] -fPIC option missing for crypto/bn/x86_64-gcc.c
and some other files in 1.0.2l that exists in 1.0.1m & 1.1.0c
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Bill Smith
> Sent: Friday, June 02, 2017 08:11
>
> Looking at the openssl build output, sure enough, it's missing -fPIC.
This is one of the reasons why we use our own Configure script for OpenSSL.
When we update to a new OpenSSL release, we diff its Configure against the one
from the previous release, and decide whether we need to make corresponding
edits to our own Configure. We also document what we've changed in our own
Configure.
It looks like you're building OpenSSL into archive libraries that you then
intend to link statically into your own shared objects. That's what my teams do
as well. OpenSSL's Configure wants to either build OpenSSL itself as shared
objects, or build archive libraries that aren't suitable for use in shared
objects (i.e. lack -fPIC or whatever the local toolchain's equivalent is). At
least that's the way it was back when we forked Configure in some 1.0.1
release, and we've continued to use our own Configure since.
It's not ideal, but in practice updating our Configure when we get a new
OpenSSL 1.0.2 release has been trivial - it hardly takes any more time than
downloading the tarball and checking the signature, and certainly much less
than building and testing on all of the platforms we support.
And OpenSSL is still far less trouble for us than, say, OpenLDAP.
Michael Wojcik
Distinguished Engineer, Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users