How to compile with custom OpenSSL version statically?

[rugk]

How can I e.g. compile ejabberd with OpenSSL 1.1.0 statically (i.e. not using the OpenSSL version installed on the system)?

[rugk]

@zinid Any tips? Is there a parameter for the configure file I can use?

[zinid]

@rugk no idea, probably playing with environment variables, some of them should be passed to configure script of fast_tls
Something like

export LDFLAGS="-L/usr/local/opt/openssl/lib"
export CFLAGS="-I/usr/local/opt/openssl/include/"
export CPPFLAGS="-I/usr/local/opt/openssl/include/"

[rugk]

Thanks for your tip. I'll try it out.

[rugk]

Thanks for your help, I got it compiled, but I don't know whether it really used the static OpenSSL version. Is there an command for ejabberdctl showing the used modules or so?

[zinid]

There should be fast_tls_drv.so file created, you can try ldd on it or something like that.

[rugk]

Where should it be created (in the compile dir) or somewhere else?

[zinid]

$ cd ejabberd-source
$ ./configure && make
$ ls deps/fast_tls/priv/lib
fast_tls_drv.so  p1_sha.so

[rugk]

Thanks. So it tells me this:

$ ldd fast_tls_drv.so
[…]

1.0.0 is the version of fast tls AFAIK, so I do not see the OpenSSL version directly. However is it right that the /lib dir shows me that Fast TLS is using it's own libraries?

[weiss]

However is it right that the /lib dir shows me that Fast TLS is using it's own libraries?

No. You could either set LIBS and/or LDFLAGS appropriately, or just move OpenSSL's .so files out of the way during fast_tls compilation. Of course, both solutions require libssl.a and libcrypto.a to be available, which depends on your distribution.

Either way, this is a compiler/linker usage question rather than an ejabberd bug, so I'll close this issue. If you need additional help, you could ask on the ejabberd mailing list, for example.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.