Chapter 8 - openssl

Robert Connolly robert at linuxfromscratch.org
Mon Feb 14 19:18:56 PST 2005


On February 14, 2005 09:40 pm, T_B wrote:
> After applying the latest patches (glibc-2.3.4-arc4random-1.patch) openssl
> objects during the make.  If the arc4random references that this patch adds
> to /usr/include/stdlib.h are commented out all is fine.  Perhaps some fixup
> is required to openssl to allow it to build with arc4random.

Yes, a patch or maybe an sed is needed. s/OpenBSD/HAVE_ARC4RANDOM/ on the 
#ifdef above the arc4random() in 'crypto/rand/rand_unix.c'.

> Also the same problem occurs with openssh.

Same thing as with OpenSSL, but in a dozen files.

> I also noticed that if you remove the static libs ( rm -f
> /usr/lib/{libcrypto.a,libssl.a} ) as is suggested, then subsequently
> openssh will not build.  Perhaps there is some tweak required to openssh
> that removes its dependence on openssl's static libraries.

The sed command in blfs uses openssl's static lib. Don't use that sed command.

> One last question - what is the rational for removing fips in the line (
> sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile  ) ?
> openssl still has its fips approval pending, but in general I would prefer
> crypto that is in process to fips certification over not.

I don't know anything about this.

> Other than that, complete build of latest appears to be running fine.  I
> will report any observed operation issues if and when they appear.
>
> Regards
> Bill

robert



More information about the hlfs-dev mailing list