[Dovecot] [SOLVED] Building dovecot with SSL support on Solaris

Gary Gendel ggendel at sarnoff.com
Sun Oct 9 20:29:27 EEST 2005


Christian,

The -ldl means that you wish to load the library that is used to
dynamically load shared libraries.  If you really needed to do this then
this brings up a small issue.

It is usually NOT a good idea to have openssl as a shareable library.
This opens up a serious vulnerability.  Take this scenario...

A person manages to gain root privileges.  He replaces the openssl
shareable library with a hacked version (say with a backdoor).  In doing
so, he's circumvented every program that uses openssl for security and
gained full access via lots of entry points (web services, ssh services,
etc.).

My suggestion is to build a static openssl library and then you won't
need to add the -ldl option.

Gary

Christian Schmidt wrote:
> Hi all,
> 
> Christian Schmidt, 07.10.2005 (d.m.y):
> 
> 
>>I'm just trying to build dovecot-1.0.alpha3 on a Solaris 9 machine
>>with SSL support.
>>No matter which options I call ./configure with - it always results in:
>>
>>Install prefix ...................... : /usr/local
>>File offsets ........................ : 64bit
>>I/O loop method ..................... : poll
>>File change notification method ..... : none
>>Building with SSL support ........... : no     <-- !
>>Building with IPv6 support .......... : yes
>>Building with pop3 server ........... : yes
>>Building with mail delivery agent  .. : yes
>>Building with user database modules . : static passdb passwd
>>passwd-file checkpassword (modules)
>>Building with password lookup modules : passwd passwd-file shadow pam
>>checkpassword (modules)
> 
> 
> I finally managed to make ./configure result in returning.
> Building with SSL support ........... : yes (OpenSSL)
> 
> I achieved this by adding "-ldl" to LDFLAGS. At the moment, my
> configure script looks like this:
> (Attention: First line may have been broken!)
> #! /bin/sh
> CC=gcc CFLAGS="-g -O" CPPFLAGS=-I/usr/local/ssl/include LDFLAGS='-L/usr/local/ssl/lib -ldl' ./configure \
>         --prefix=/usr/local \
>         --with-ssl=openssl \
>         --with-ssldir=/usr/local/ssl/certs
> 
> As I'm not very familiar with all the stuff concerning programming
> etc., I don't know exactly what this option "-ldl" means.
> All I can say is that it refers to how the binary to be produced will
> be linked against libraries.
> 
> Maybe someone can drop some words on this...?
> 
> Thanks to all of you who spent some brain on my problem!
> 
> Regards,
> Christian
> 
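
An added example, not part of the original thread or of Dovecot: a shell function that reads `ldd` output for a built binary and reports whether libssl, libcrypto and libdl are pulled in as shared objects, and from which directory. The function name, the trusted-directory list (apart from /usr/local/ssl/lib, taken from the LDFLAGS above) and the sample library versions are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: directories the admin expects shared libraries to load from.
# /usr/local/ssl/lib is the -L path used in the thread; the rest are guesses.
TRUSTED_DIRS="/lib /usr/lib /usr/local/ssl/lib"

# Reads ldd-style lines ("libfoo.so.N => /path/libfoo.so.N") on stdin and
# prints "<library> <verdict> <path>" for libssl, libcrypto and libdl.
audit_ldd() {
    awk -v dirs="$TRUSTED_DIRS" '
        BEGIN { n = split(dirs, d, " "); for (i = 1; i <= n; i++) trusted[d[i]] = 1 }
        $1 ~ /^lib(ssl|crypto|dl)\.so/ {
            name = $1; sub(/\.so.*/, "", name)
            seen[name] = 1
            # A "not found" result has no usable path in the third field.
            if ($2 != "=>" || $3 == "" || $3 == "not" || $3 ~ /^\(/) {
                print name, "UNRESOLVED", "-"; next
            }
            dir = $3; sub("/[^/]*$", "", dir)
            verdict = (dir in trusted) ? "SHARED" : "SHARED_UNTRUSTED_DIR"
            print name, verdict, $3
        }
        END {
            # Libraries absent from ldd output are linked statically or unused.
            split("libssl libcrypto libdl", want, " ")
            for (i = 1; i <= 3; i++)
                if (!(want[i] in seen)) print want[i], "NOT_DYNAMIC", "-"
        }
    '
}

# Constructed sample input (not captured from a real system).
sample_ldd() {
    printf '%s\n' \
        "        libssl.so.0.9.7 =>       /usr/local/ssl/lib/libssl.so.0.9.7" \
        "        libcrypto.so.0.9.7 =>    /tmp/build/libcrypto.so.0.9.7" \
        "        libc.so.1 =>     /usr/lib/libc.so.1"
}

# Usage: sh audit.sh /path/to/binary   (no argument: run the sample)
if [ "$#" -gt 0 ]; then
    ldd "$1" | audit_ldd
else
    sample_ldd | audit_ldd
fi
```

A binary linked against static OpenSSL archives shows `NOT_DYNAMIC` for libssl and libcrypto; a `SHARED_UNTRUSTED_DIR` line means the runtime loader resolves that library from somewhere outside the expected directories.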


