Due to some very specific reasons we need to build an application which bundles it's own openssl library together with certs, config files and engines. This means that we deploy a directory containing the main binary and a folder lib with the shared objects, among other, libssl and libcrypto. To make this application link correctly to the libraries in any directory we can of course set RPATH to $ORIGIN/lib.
The challenge we have is that during compilation of openssl we need to set the --prefix and --openssldir paths which of course is not known during compile time since these files are also bundled with the application.
./Configure shared --prefix=/library --openssldir=/lib
After this we can see that these paths gets hard coded into the library:
$ grep -nra /library/ ./lib/libcrypto.so
167534:/library/lib/ct_log_list.cnf
167649:OPENSSLDIR: "/library/lib"
167651:ENGINESDIR: "/library//lib/engines-1.1"
179919:/library//lib/engines-1.1
196978:/library/lib/private
196982:/library/lib
196986:/library/lib/certs
196988:/library/lib/cert.pem
The only way I have come up with so far that makes the library portable is to compile the library with a really long placeholder path (since the offsets in an elf-file are fixed) and then replace that string in the elf-files to the location of the application followed by trailing slashes to make the length of the strings the same before starting the application. I would hope there is a better way to this than editing the elf files.
./Configure shared --prefix=/$(printf "%0255d" 0) --openssldir=PLACEHOLDERDIR
Due to some very specific reasons we need to build an application which bundles it's own openssl library together with certs, config files and engines. This means that we deploy a directory containing the main binary and a folder
libwith the shared objects, among other,libsslandlibcrypto. To make this application link correctly to the libraries in any directory we can of course setRPATHto$ORIGIN/lib.The challenge we have is that during compilation of openssl we need to set the
--prefixand--openssldirpaths which of course is not known during compile time since these files are also bundled with the application.After this we can see that these paths gets hard coded into the library:
The only way I have come up with so far that makes the library portable is to compile the library with a really long placeholder path (since the offsets in an elf-file are fixed) and then replace that string in the elf-files to the location of the application followed by trailing slashes to make the length of the strings the same before starting the application. I would hope there is a better way to this than editing the elf files.
./Configure shared --prefix=/$(printf "%0255d" 0) --openssldir=PLACEHOLDERDIR