On Sat, Apr 7, 2012 at 21:09:33 +0200, Sven Joachim wrote:
> On 2012-04-07 20:39 +0200, Marc Singer wrote:
>
> > On Sat, Apr 7, 2012 at 10:55 AM, Sven Joachim <svenj...@gmx.de> wrote:
> >>
> >> Apparently shellinaboxd is statically linked with ssl, which is bad.
>
> Sorry, should have read the build logs more carefully and actually
> peeked in the source code.
>
> > No, it's dynamically link at runtime which is good. :-)
>
> It dlopens libssl.so which is not good, since that file only exists if
> libssl-dev is installed.
>
> > I'm looking into how to get a Recommends: dependency on libssl without
> > knowing the soname a priori.
>
> Trick upstream into linking against ssl rather than dlopening it? Until
> that happens, I don't have a better idea than to patch libhttp/ssl.c:
>
> --8<---------------cut here---------------start------------->8---
> diff --git a/libhttp/ssl.c b/libhttp/ssl.c
> index f9cb37f..0d39079 100755
> --- a/libhttp/ssl.c
> +++ b/libhttp/ssl.c
> @@ -298,7 +298,7 @@ static void loadSSL(void) {
> { { &X509_free }, "X509_free" }
> };
> for (unsigned i = 0; i < sizeof(symbols)/sizeof(symbols[0]); i++) {
> - if (!(*symbols[i].var = loadSymbol("libssl.so", symbols[i].fn))) {
> + if (!(*symbols[i].var = loadSymbol("libssl.so.1.0.0", symbols[i].fn))) {
> debug("Failed to load SSL support. Could not find \"%s\"",
> symbols[i].fn);
> for (unsigned j = 0; j < sizeof(symbols)/sizeof(symbols[0]); j++) {
> --8<---------------cut here---------------end--------------->8---
>
> and to add a "Recommends: libssl1.0.0" to debian/control. Of course,
> this will break on the next libssl soname change.
>
That stuff's insane. Please just link against -lssl properly instead of
playing dlopen tricks.Cheers, Julien
signature.asc
Description: Digital signature
