Force linking to static archives during make?

Francis Daly francis at
Wed Dec 18 22:13:08 UTC 2013

On Wed, Dec 18, 2013 at 12:03:31PM -0500, Jeffrey Walton wrote:
> > On Tue, Dec 17, 2013 at 04:16:55PM -0500, Jeffrey Walton wrote:

Hi there,

> >> How does one force nginx to use static linking for a library?

> In my case, if I distribute on Ubuntu 12.04 LTS, folks will likely get
> Ubuntu's version of OpenSSL since the names are the same and binary
> compatible. The Ubuntu folks disable TLSv1.1 and TLSv1.2, and they
> refuse to enable them (there's a bug report covering it).

I'd say that it's not nginx's job to work around undesired defaults
from Ubuntu.

Invite people to install your OpenSSL package instead, and they'll be
happy that all of their crypto-using tools have been enhanced.

However, you should be able to build whatever you want to, on your system.


> I just don't see how this can be done without enhancing/patching
> nginx's configuration subsystem.

It looks to me like you can either try to enhance nginx's config system
to use a syntax to specify exactly which libraries should be statically
linked and which should be dynamically linked (because restricting this
to just openssl is probably unreasonable)...

Or you can edit your generated objs/Makefile to include exactly the
syntax that your system needs for you to build it the way you want it
to be built.

Perhaps it is as simple as: remove "-lssl -lcrypto"; based on the examples
you provided.

  sed -i '/-lssl -lcrypto/s///' objs/Makefile

(For reference, on a random CentOS system here, I seem to need to use

  gcc t.c /usr/lib/libssl.a /usr/lib/libcrypto.a -lkrb5 -lz

to allow it to build cleanly.)

Then build, and distribute your build as widely as the licences allow.

I suspect that if you come up with a general config solution that works
everywhere that matters and avoids obnoxious syntax and doesn't add to
the maintenance burden, patches will be welcome.

But I also suspect that your use case is quite special, and may not be
worth the effort of a general solution.

(But I'm not going to stop you spending your time however you see fit.)

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list