[oi-dev] review openssl-1.0

Alexander Pyhalov alp at rsu.ru
Mon Apr 14 15:31:56 UTC 2014 

Hello.
I'm working on enabling openssl-1.0 in oi-userland.

Please, review this work:
https://github.com/pyhalov/oi-userland/compare/openssl

The main issue is that we
a) should support legacy software which depends on openssl 0.9.8,
b) can't rebuild the whole OI /hipster .
So, we should provide compatibility package.

The things I've done:
1) resync our code with userland one,
2) added openssl 0.9.8 auxiliary component (the only target used is 
"build").
It's used to build libssl.so.0.9.8 and libcrypto.so.0.9.8 after 
compiling openssl 1.0.
3) massaged openssl 1.0 so that it uses gcc.

I'm a bit worried that gcc and sun cc build options in Configure script 
are different. I can't predict how it affects resulting binaries.

Old Sun Studio config:
"solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -g 
-Xa::-D_REENTRANT::-lsocket -lnsl -lc:BN_LLONG RC4_CHAR RC4_CHUNK 
DES_PTR DES_UNROLL 
BF_PTR:${x86_elf_asm_sunw}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z 
text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign 
-M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -g -xstrconst -Xa 
-DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG 
RC4_CHAR RC4_CHUNK BF_PTR DES_PTR DES_INT 
DES_UNROLL:${x86_64_asm_sunw}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z 
text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign 
-M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

default gcc config:
"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall 
-DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl 
-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN 
-DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG 
RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared 
-static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

"-ldl" and "-lc" difference doesn't matter, as libdl is just a proxy 
library for libc. However I can't estimate the influence of other options.

Testing done:
1) successfully run apache 2.2 (not recompiled) with new openssl 0.9.8 bits,
2) rebuilt and successfully booted latest illumos-gate
3) oi-build rebuild on-going now, so far no surprises
4) found out that apache 2.4 https doesn't work with any openssl (so 
it's a serious separate issue)

Waiting for your comments. If I don't receive any negative feedback and 
userland build completes without issues, I'm going to commit these bits 
in several few days.
-- 
Best regards,
Alexander Pyhalov,
system administrator of Computer Center of Southern Federal University

More information about the oi-dev mailing list