3

My app uses only functions supported in OpenSSL 0.9.8 and later, but I compile it on a system with a 1.0.0 library installed (with -lcrypto), and the app requires libcrypto.so.1.0.0 or later at install time.

OpenSSL apparently compiles the entire version level "libcrypto.so.1.0.0" into the SONAME of the library, so my app won't run unless this specific version of the library exists. I get that it won't run on a system with only 0.9.8 installed, but what if 1.0.1 is installed?

For every other shared library I use (-lpthreads, -lncurses, ..), ldd shows the SONAME as "libxxx.so.N", so I only need version N installed. OpenSSL is the only library I'm aware of that depends on a very specific version level (V.R.M), so I worry that the app won't run if the installed library is later than libcrypto.so.1.0.0 (or the library is updated to a more recent level).

Is there a way to compile my app to use "libcrypto.so or "libcrypto.so.1" regardless of what version it's linked to? And why does OpenSSL use the full version in the SONAME when no other library I'm aware of does this?

4

1 回答 1

2

不,没有可靠的方法,因为在 OpenSSL 中,内部结构在版本之间不断变化,并且相当多的函数实际上是直接访问/操作结构成员的宏。

尽管如此,如果您确定您的应用程序不使用任何此类宏并且愿意承担结构可能发生变化并且您的应用程序无法运行的风险,您可以dlopen()使用 libcrypto.so 和 dlsym() 函数。大约有20个。请记住,您可能正在使用许多函数,例如SSL_CTX_set_options并且SSL_want_read/SSL_want_write实际上是导致调用相同函数的宏。

另一种选择是静态链接libcrypto.alibssl.a。这也将使您的应用程序在根本没有安装 OpenSSL 的系统上运行(尽管这些系统很少)。预计这会增加 300-900kb 到您的应用程序的大小。

于 2013-12-10T06:17:41.017 回答