--with-openssl and OPENSSL_OPT

Maxim Dounin mdounin at mdounin.ru
Tue Sep 13 16:55:58 UTC 2016


On Tue, Sep 13, 2016 at 05:56:32PM +0200, Ondrej Novy wrote:

> 2016-09-13 3:40 GMT+02:00 Maxim Dounin <mdounin at mdounin.ru>:
> > If you need to configure openssl configure options which require
> > "make depend", you can run "make depend" yourself before making
> > nginx (and thus OpenSSL).
> >
> so I should run config+make depend+make myself? That doesn't work, nginx
> calls config nevertheless and thus overwritting my config.

Try something like this:

./configure --with-http_ssl_module --with-openssl=/path/to/openssl-1.0.2h --with-openssl-opt=no-idea
(cd /path/to/openssl-1.0.2h; make depend)

On the first "make", nginx will run OpenSSL config and then try to 
build it.  The build will fail due to no "make depend" (actually, 
you can stop it with Ctrl-C right after OpenSSL's configure).  
On the second "make", the build will succeed.

> Alternatively, you can make OpenSSL yourself instead of asking
> > nginx to do it for you.  Note that using --with-openssl option of
> > nginx configure is not something required for static building with
> > OpenSSL.  Rather, it's a convenient shortcut to make things easier
> > in common cases.
> >
> I have built OpenSSL libs, so i have .s + .h files :). How to point nginx
> to this files to static link them please?

You need .h (include) and .a (static library) files.  Then use 
compiler and linker options to specify paths to include and 
library files, -I and -L respectively.  Use "--with-cc-opt" and 
"--with-ld-opt" to pass the options through nginx configure:

./configure --with-cc-opt="-I /path/to/openssl/include" --with-ld-opt="-L /path/to/openssl/lib"

Note that there should be no dynamic libraries (*.so) for OpenSSL 
available in the lib path specified, or they will be used instead 
of static libraries.  To prevent dynamic libraries from appearing 
you can configure OpenSSL with the "no-shared" flag, much like 
nginx does itself.

Full procedure to build both OpenSSL and nginx with it will look 
like this:

cd /path/to/openssl-1.0.2h
./config --prefix=`pwd`/.openssl no-shared no-idea
make depend
make install_sw
cd /path/to/nginx
./configure --with-http_ssl_module \
    --with-cc-opt="-I /path/to/openssl-1.0.2h/.openssl/include" \
    --with-ld-opt="-L /path/to/openssl-1.0.2h/.openssl/lib"

Maxim Dounin

More information about the nginx-devel mailing list