> On 17 Jul 2014, at 3:37 pm, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> On Thu, Jul 17, 2014 at 03:22:28PM +1000, James Brown wrote:
>
>> $ locate lib/libssl
>> /usr/lib/libssl.0.9.7.dylib
>> /usr/lib/libssl.0.9.8.dylib
>> /usr/lib/libssl.1.0.0.dylib
>> /usr/lib/libssl.a
>> /usr/lib/libssl.dylib
>> /usr/local/ssl/lib/libssl.a
>
> I expected that you only had static libs in /usr/local, and the
> linker searched the path for dynamic libs first. Turns out that's
> only part of the story, the libraries are /usr/local/ssl/lib/ (any
> symlinks from /usr/local/lib? locate(1) may be telling the whole
> story).

No mention of ssl in /usr/local/lib

>> I'm guessing ssl directory at /usr/local/ is the problem?
>> If so, mv everything from /usr/local/ssl/ to corresponding place in
>> /usr/local?
>
> No, rather adjust AUXLIBS to match the correct install location. But
> you built static OpenSSL libraries, and should have built shared ones.

OK. Will rebuild OpenSSL as per your ./Configure, and then I won't have to change AUXLIBS, correct?

>> The Makefile from my OpenSSL 1.0.1h directory has:
>>
>> PLATFORM=darwin64-x86_64-cc
>> OPTIONS=--prefix=/usr/local --with-fipsdir=/usr/local fips
>> no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779
>> no-rsax no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine
>
> Why "no-shared"?

No idea.

> Why "fips"? Nobody in their right mind wants
> "fips" unless forced to sell to the USG, or forced to use by USG.

Because new version (5.02) of Stunnel was not giving the error "configure: WARNING: OpenSSL fips header not found". No longer needed in the 5.03 beta:

"The idea is that you need an OpenSSL library built with a FIPS canister. stunnel then only uses this library, and not directly the canister.

"Consequently, the FIPS header file is no longer used by stunnel. I removed the dead code. Please try:
https://www.stunnel.org/downloads/beta/stunnel-5.03b1.tar.gz

-Mike Trojnara"

>> I think I just used ./configure darwin64-x86_64-cc
>
> ./Configure --prefix=/usr/local shared darwin64-x86_64-cc

Will do.

> But you really should consider homebrew or macports. The only
> downside of homebrew is that the libraries belong to a non-root
> user. So if that user is compromised, so is root. On a typical
> personal system, that's not much of an issue. In any case you need
> to choose a package management system (homebrew, macports, pkgsrc,
> ...) and use it consistently. You're having too much trouble
> doing the integration from the ground up.

This is definitely something I need to look into!

Thanks,

James.
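The ownership point raised in the thread (libraries under a prefix such as /usr/local that belong to a non-root user) can be checked directly. The script below is an added example, not part of the original messages; the function names `audit_libdir` and `count_findings` are hypothetical, and the default expected owner of `root` is an assumption.

```shell
#!/bin/sh
# Added example: list files and directories under a library directory that
# are not owned by the expected account, or that are group- or world-writable.
# Anything reported can be replaced by a non-root account and would then be
# loaded by every daemon linked against it.
#
# audit_libdir DIR [OWNER]   OWNER is a user name or numeric uid (default: root)
audit_libdir() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -L: judge a symlinked library by the file it points to.
    find -L "$dir" \( -type f -o -type d \) \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# count_findings DIR [OWNER]: number of entries audit_libdir reports.
count_findings() {
    audit_libdir "$@" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /usr/local/lib [owner]
if [ "$#" -gt 0 ]; then
    audit_libdir "$@"
fi
```

An empty result for `/usr/local/lib` and `/usr/local/ssl/lib` means every library there is root-owned and writable only by its owner.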