Joseph Tam jtam.home@gmail.com wrote:
For every program I compile myself, I link it against my custom OpenSSL library (always newest version; distributions usually tend to stick with a specific version and only apply security fixes).
OK, the origin of your problem becomes clearer. You can hardcode these paths into the executables by doing something like
env CFLAGS='-I/my'ssl/include'
LDFLAGS='-L/your/ssl/lib -Wl,-rpath,/my/ssl/lib'
configure ...
Yes, exactly, that's my usual approach. I've used this as well for building other software with custom libraries.
Unfortunately, I remember CFLAGS/LDFLAGS didn't play well with Dovecot, so I used SSL_CFLAGS/SSL_LIBS as suggested by the documentation and that worked well.
I use this myself (except the -Wl part since these libs are symlinked to my shared library path). I think "-R/my/ssl/lib" might also be synonymous with -Wl,...
Based on your mail I've tried CFLAGS/LDFLAGS again, and now Dovecot didn't even compile any longer.
I was close to giving up. But obviously, I didn't ... :-)
After some investigation I found the non-default linker option "-Wl,--as-needed" as problem which is enabled by Dovecot for unknown reasons.
Finally, this call to "configure" generates proper Makefile files to build Dovecot with a custom SSL library:
env CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib" LIBS="-Wl,--no-as-needed -lcrypto -lssl" SSL_CFLAGS="-I/usr/local/ssl/include" SSL_LIBS="-L/usr/local/ssl/lib -Wl,-R/usr/local/ssl/lib -Wl,--no-as-needed -lcrypto -lssl" ./configure --prefix=/usr/local/dovecot --with-ssl=openssl
(chances are that SSL_CFLAGS/SSL_LIBS could be removed completely but it won't hurt)
I've read the section in the "ld" manual but still don't understand why Dovecot enables --as-needed (never seen that before with other software) and why it's such a big problem. But I'm no expert here.
I don't have that problem -- I use configure to tell dovecot where to find my self-compiled openssl, and the resulting executables load from where I want.
Thanks for pointing me at the proper direction again. Now Dovecot 2.2.25 compiles for me with a custom SSL.
I understand that this issue might not have a high priority but maybe one of the developers could check if "--as-needed" is really needed (as it confuses people who try to use custom libraries) and what's the deeper meaning of SSL_CFLAGS/SSL_LIBS.
My system is a regular CentOS 6 (latest sub-release with all patches), nothing special except for a custom SSL installation.
Greetings, Andreas