[ntp:hackers] Dynamic ssl and crypto libraries

Danny Mayer mayer at ntp.isc.org
Tue Oct 25 06:41:09 PDT 2005


Brian Utterback wrote:
> Harlan Stenn wrote:
> 
>> Folks,
>>
>> https://ntp.isc.org/bugs/show_bug.cgi?id=517 contains a patch to use the
>> dynamic crypto and ssl libraries that are shipped with Solaris.  The
>> static libraries are not shipped.
>>
>> I'm tempted to look for dynamic or static libraries on all platforms,
>> and before I do this I thought I'd ask to see if there are any reasons
>> we should *not* look for dynamic libraries by default.
>>
>> One reason that leaps to my mind is that if somebody upgrades the
>> dynamic libraries without saving the older versions and there is an API
>> change, we're gonna have to abort.  If we use a static library we won't
>> have this problem.
> 
> 
> And if a serious bug is discovered in the static libraries, then you
> will have to rebuild. It is the classic dynamic vs. static library
> debate. If the dynamic libraries are properly versioned and maintained,
> then dynamic libraries are by far the best choice. If you are getting
> them out of someplace like /usr/local where you depend on the competence
> of the local system admin, then static is possibly better.
> 
> One might be inclined to use dynamic by default, and use static if
> the "with-openssl-libdir" is used, but that is only true if you have
> configured all of the places that each distribution delivers openssl
> and not configured /usr/local and any other popular but local spot.
> This is not true for Solaris, for instance, which delivers openssl in
> /usr/sfw/lib and /use/sfw/include. I would be happy if those were added
> to the searched directories, by the way.

So did something change on Solaris that static worked before and now
doesn't?

Danny



More information about the hackers mailing list