I’m building nginx 1.8.0 on linux/64.
I have openssl 1.0.2a built locally, and installed into /usr/local/ssl
which openssl
/usr/local/ssl/bin/openssl
I’ve configured nginx build with
./configure
…
–with-cc-opt=’… -I/usr/local/ssl/include -I/usr/local/include’
–with-ld-opt=’-L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64
-lssl -lcrypto -ldl -lz’
–with-http_ssl_module
…
checking after build/install, the intended ssl libs ARE correctly linked
ldd objs/nginx | egrep -i “ssl|crypto”
libssl.so.1.0.0 => /usr/local/ssl/lib64/libssl.so.1.0.0
(0x00007f9cedd2b000)
libcrypto.so.1.0.0 => /usr/local/ssl/lib64/libcrypto.so.1.0.0
(0x00007f9ced8e8000)
But ‘nginx -V’ references BOTH the system-installed OpenSSL 1.0.1k-fips,
and ‘my’ OpenSSL 1.0.2a
nginx -V
nginx version: nginx/1.8.0
built with OpenSSL 1.0.1k-fips 8 Jan 2015 (running with OpenSSL
1.0.2a 19 Mar 2015)
TLS SNI support enabled
configure arguments: …
I want to ensure that the system-installed OpenSSL 1.0.1k-fips is
completely UNinvolved.
What needs to change in the build/config to make sure that it’s not?
grant