From owner-freebsd-current Tue Feb 22 13:26:25 2000 Delivered-To: freebsd-current@freebsd.org Received: from heimdall.piqnet.org (adsl-63-197-64-194.dsl.snfc21.pacbell.net [63.197.64.194]) by hub.freebsd.org (Postfix) with ESMTP id E5A2837B6A5 for ; Tue, 22 Feb 2000 13:26:21 -0800 (PST) (envelope-from joelh@gnu.org) Received: from detlev.piqnet.org (adsl-63-197-64-195.dsl.snfc21.pacbell.net [63.197.64.195]) by heimdall.piqnet.org (8.9.3/8.9.3) with ESMTP id NAA08563 for ; Tue, 22 Feb 2000 13:30:45 -0800 (PST) (envelope-from joelh@gnu.org) Received: (from joelh@localhost) by detlev.piqnet.org (8.9.3/8.9.3) id NAA66956; Tue, 22 Feb 2000 13:27:59 -0800 (PST) (envelope-from joelh@gnu.org) X-Authentication-Warning: detlev.piqnet.org: joelh set sender to joelh@gnu.org using -f To: freebsd-current@FreeBSD.ORG Subject: Re: openssl in -current References: <19347.951098777@zippy.cdrom.com> From: Joel Ray Holveck Date: 20 Feb 2000 20:49:32 -0800 In-Reply-To: "Jordan K. Hubbard"'s message of "Sun, 20 Feb 2000 18:06:17 -0800" Message-ID: <86d7prqhwj.fsf@detlev.UUCP> Lines: 30 X-Mailer: Gnus v5.7/Emacs 20.5 MIME-Version: 1.0 Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > It would obviously not be hard to write a set of stubs for these > things, getting those stubs called selectively in the "no real RSA" > case also not being very difficult. One way would be to put them in a > lower version-numbered shared lib, like OpenBSD did it, so that the > application would fall through to link against the stub version if > librsaref.so.2 was not found. Another, better way, would be to use > weak symbols and a dlopen(), e.g.: [snip] > That way it's not an error to link against the openssl library without > librsa, though if you do link with -lrsa and -lssl then you can also > skip the stubs entirely and not encur the dlopen() overhead, something > which makes the -static (or stand-alone) linkers happy. I'm not familiar with OpenSSL's link lines, but here's a question. Are linking with -lrsa and -lssl normally necessary, or is it normally just -lssl? If it't the latter, then programs that expect to link against OpenSSL will succeed to build and link, but fail to run properly. I realize that every OS has its quirks for building packages, but I find this sort of change vulgar. Naturally, if OpenSSL-based programs *expect* to build against -lrsa and -lssl, then I have no objections. joelh -- Joel Ray Holveck - joelh@gnu.org Fourth law of programming: Anything that can go wrong wi sendmail: segmentation violation - core dumped To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message