[ntp:hackers] Dynamic ssl and crypto libraries

Brian Utterback brian.utterback at sun.com
Tue Oct 25 06:11:57 PDT 2005


Harlan Stenn wrote:
> Folks,
> 
> https://ntp.isc.org/bugs/show_bug.cgi?id=517 contains a patch to use the
> dynamic crypto and ssl libraries that are shipped with Solaris.  The
> static libraries are not shipped.
> 
> I'm tempted to look for dynamic or static libraries on all platforms,
> and before I do this I thought I'd ask to see if there are any reasons
> we should *not* look for dynamic libraries by default.
> 
> One reason that leaps to my mind is that if somebody upgrades the
> dynamic libraries without saving the older versions and there is an API
> change, we're gonna have to abort.  If we use a static library we won't
> have this problem.

And if a serious bug is discovered in the static libraries, then you
will have to rebuild. It is the classic dynamic vs. static library
debate. If the dynamic libraries are properly versioned and maintained,
then dynamic libraries are by far the best choice. If you are getting
them out of someplace like /usr/local where you depend on the competence
of the local system admin, then static is possibly better.

One might be inclined to use dynamic by default, and use static if
the "with-openssl-libdir" is used, but that is only true if you have
configured all of the places that each distribution delivers openssl
and not configured /usr/local and any other popular but local spot.
This is not true for Solaris, for instance, which delivers openssl in
/usr/sfw/lib and /usr/sfw/include. I would be happy if those were added
to the searched directories, by the way.
-- 
blu

"Having them stolen may become our distribution model..."
Nicolas Negroponte on the Hundred Dollar Laptop.
----------------------------------------------------------------------
Brian Utterback - OP/N1 RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
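
The rule of thumb in the reply above (link dynamically against vendor-maintained libraries, prefer static for locally administered ones), sketched as a library search. This is an added example, not ntp's configure code and not from either poster. The function names and directory lists are assumptions, except /usr/sfw/lib and /usr/local, which the message names; the optional root argument lets the search run against a constructed tree.

```shell
#!/bin/sh
# Added example: choose a libcrypto link mode from where the library is found.
# Directory lists are assumptions for illustration.
VENDOR_DIRS="/usr/lib /usr/sfw/lib"              # delivered and patched by the OS vendor
LOCAL_DIRS="/usr/local/lib /usr/local/ssl/lib"   # maintained by the local admin

# has_shared DIR: succeeds if DIR holds a shared libcrypto (any version suffix).
has_shared() {
    for f in "$1"/libcrypto.so "$1"/libcrypto.so.*; do
        # An unmatched glob stays literal and fails the -f test.
        if [ -f "$f" ]; then return 0; fi
    done
    return 1
}

# pick_crypto_link [ROOT]: prints "MODE DIR", or "none" with exit status 1.
pick_crypto_link() {
    root=${1:-}
    # 1. Vendor-managed shared library: security fixes arrive without a rebuild.
    for d in $VENDOR_DIRS; do
        if has_shared "$root$d"; then echo "dynamic $d"; return 0; fi
    done
    # 2. Local directory: a static archive cannot change underneath the binary,
    #    but a bug fix in the library then requires rebuilding.
    for d in $LOCAL_DIRS; do
        if [ -f "$root$d/libcrypto.a" ]; then echo "static $d"; return 0; fi
    done
    # 3. Only a locally maintained shared library exists: usable, but flagged
    #    so the builder knows an unversioned upgrade could break the API.
    for d in $LOCAL_DIRS; do
        if has_shared "$root$d"; then echo "dynamic-local $d"; return 0; fi
    done
    echo "none"
    return 1
}

# Stand-alone use: search the real filesystem, or the tree given as $1.
pick_crypto_link "${1:-}" || true
```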

