Finding libssl on a customer's Linux
I'm not sure how you're opening libssl - I assume dlopen()?
Searching a hard-coded list of directory paths for a library sounds rather fragile - you'd be better off letting the dynamic linker do the work for you. Perhaps parsing the output of ldconfig -p is worth trying? On a Debian system, I see the following:
$ ldconfig -p|grep ssl
libssl.so.1.1 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
libssl.so.1.0.2 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
On a RHEL 7.4 system:
$ ldconfig -p|grep ssl
libssl3.so (libc6,x86-64) => /lib64/libssl3.so
libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10
Note that on the Debian system the library is in /usr/lib/x86_64-linux-gnu, whereas on the RHEL system it's in /lib64 (also note the widely varying library names). Unless you use something like the output of ldconfig, you're going to have to search all of those distribution-specific paths yourself if you plan to "work on any Linux system". Admittedly, the directory paths are listed in /etc/ld.so.conf but I think using ldconfig is probably still easier.
maaartinus
Updated on September 18, 2022Comments
-
maaartinus over 1 year
We're using a library which needs to load
libsslin a version1.0.*. It doesn't work withlibssl.so.1.1. We need it to work on any Linux system.We try to load various versions and this usually works, but on system of one customer there's just the following:
/usr/lib64/libssl.so.1.1.0g /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.1.0.2m /usr/lib64/libssl.so.1.1We're trying to load
libssl.so.1.0andlibssl.so.1.0.2, but it doesn't findlibssl.so.1.0.2mbecause of the trailing "m".I wonder what's the naming scheme of libssl, if any?
Do we really need to provide our own version or is there a better way?
Should we loop from
libssl.so.1.0.2zdown tolibssl.so.1.0.2a? Should we scan the library path manually?-
Rui F Ribeiro over 6 years
ln -s /usr/lib64/libssl.so.1.0.2m /usr/lib64/libssl.so.1.0.2might work. -
maaartinus over 6 years@RuiFRibeiro There are two problems with it: 1. Knowing the exact name. 2. It's a customer's computer.
-
Rui F Ribeiro over 6 yearsThe bigger problem might be not having a test system then. Test the
ln, is harmless and can be removed easily. See also @mjturner answer, it recalls important details. -
Andrew Henle over 6 yearsHow are you distributing your library? Don't try to find a compatible copy of OpenSSL on someone else's computer that you have no control over - bring the copy with you. The most reliable way is to distribute a known-compatible copy of the necessary OpenSSL libraries with your own library. Put the OpenSSL shared object(s) in the same directory as your library then find and
dlopen()it, or statically link OpenSSL and build your shared object(s) so they incorporate the OpenSSL object files from the OpenSSL static libraries.
-
-
Rui F Ribeiro over 6 yearsI think the OP is not in Debian. +1
-
maaartinus over 6 years@RuiFRibeiro I was told, the problematic system is Fedora; anyway we need a solution for any Linux desktop . But
ldconfigand/or/etc/ld.so.confmay be portable enough. -
Rui F Ribeiro over 6 yearsI agree, that is why I voted you up.
-
mjturner over 6 years@RuiFRibeiro Indeed, but the same solution should apply.
ldconfig -pshould work on any Linux system (I've just confirmed and added some detail). -
Rui F Ribeiro over 6 yearsYou understand I just commented it was not Debian, right?
-
mjturner over 6 years@RuiFRibeiro I did :)
