[openssl] Static builds should maybe set no-module configure option #24559

Closed
madig opened this issue May 5, 2022 · 0 comments · Fixed by #24598
madig commented May 5, 2022


Is your feature request related to a problem? Please describe.

OpenSSL 3.0 deprecated some old algorithms like RC2-40-CBC, which are still in use in some PKCS#12 certificates. Using them requires something like

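```cpp
#include <openssl/err.h>       // ERR_print_errors_fp
#include <openssl/provider.h>  // OSSL_PROVIDER_load

// Inside a startup function, before any legacy algorithm is used.
// The default provider is loaded explicitly because it is no longer
// loaded automatically once another provider is loaded by hand.
OSSL_PROVIDER* dflt = OSSL_PROVIDER_load(nullptr, "default");
if (dflt == nullptr) {
    ERR_print_errors_fp(stderr);
    return;
}
// The legacy provider supplies the deprecated algorithms such as RC2-40-CBC.
OSSL_PROVIDER* legacy = OSSL_PROVIDER_load(nullptr, "legacy");
if (legacy == nullptr) {
    ERR_print_errors_fp(stderr);
    return;
}
```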

at the start of your program; however, a static OpenSSL build (no-shared) will try to dynamically load e.g. legacy.so, which will not exist. To make the legacy provider available in static builds, OpenSSL needs to be built with no-shared no-module (see openssl/openssl#17679).

Proposed solution

OpenSSL (at least on Unix? Not sure about other platforms) should probably have https://github.com/microsoft/vcpkg/blob/master/ports/openssl/unix/CMakeLists.txt#L130 be set(SHARED no-shared no-module)

Describe alternatives you've considered

I don't know if there is a use-case for dynamically loading these modules for a static build?

@LilyWangLL LilyWangLL added the category:port-feature The issue is with a library, which is requesting new capabilities that didn’t exist label May 6, 2022
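A build-time check for the condition this issue describes, as an added example that is not vcpkg or OpenSSL code: it classifies a set of OpenSSL Configure options and flags any `set(SHARED ...)` line in a CMake file that selects a static build without `no-module`. The function names and the sample CMake text are hypothetical and constructed for illustration; the classification rests on the issue's statement that `no-shared` alone still tries to load `legacy.so`.

```shell
# Added example: audit OpenSSL Configure options for the static-build
# legacy-provider problem. Names and sample input are hypothetical.

# legacy_mode "<Configure options>" prints how the legacy provider is reached:
#   builtin  no-shared no-module: provider is part of the static library
#   missing  no-shared only: the load looks for a legacy.so that does not exist
#   module   anything else (shared build): provider is a loadable module
legacy_mode() {
    case " $1 " in
        *" no-shared "*)
            case " $1 " in
                *" no-module "*) echo builtin ;;
                *) echo missing ;;
            esac ;;
        *) echo module ;;
    esac
}

# audit_cmake FILE: print "<line>:<mode>" for each set(SHARED ...) line and
# return 1 if any static configuration lacks no-module.
audit_cmake() {
    rc=0; n=0
    while IFS= read -r line; do
        n=$((n + 1))
        opts=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*set(SHARED[[:space:]][[:space:]]*\([^)]*\)).*/\1/p')
        if [ -z "$opts" ]; then continue; fi
        mode=$(legacy_mode "$opts")
        echo "$n:$mode"
        if [ "$mode" = missing ]; then rc=1; fi
    done < "$1"
    return "$rc"
}

# Constructed sample of a port's CMake logic; $1 is the static-branch setting.
sample_cmake() {
    printf '%s\n' 'if(BUILD_SHARED_LIBS)' '    set(SHARED shared)' 'else()' \
        "    set(SHARED $1)" 'endif()'
}

tmp=$(mktemp)
sample_cmake 'no-shared' > "$tmp"
audit_cmake "$tmp" || echo "static build would fail to load the legacy provider"
rm -f "$tmp"
```

Run against the constructed sample, the audit reports line 4 as `missing`; with `no-shared no-module` in the static branch the same line is reported as `builtin` and the function returns 0.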