Openssl 3.0.0

Julien ÉLIE julien at
Fri Sep 10 13:28:24 UTC 2021

Hi Russ,

>> is there a reason why lib-pathname.m4 checks for /usr/lib32 or
>> /usr/lib64 only?  I suggest to also add a check for /lib32 or /lib64.
>> With the following patch, configure correctly finds
>> /home/iulius/work/openssl-3.0.0/lib64 Note that I have /lib64 but not
>> /usr/lib64 on an (old) Jessie Debian system.  Seems like newer versions
>> have both.
> Debian does not use /lib64 paths, so it's correct to not detect this on
> Debian.  (They're explicitly forbidden by Debian Policy in favor of using
> multiarch.)  This seems like a bug in OpenSSL that nontheless it installed
> itself in <prefix>/lib64, presumably assuming the whole world is Red Hat.

It was indeed a late change in July 2021 before the final OpenSSL 3.0.0 

Prior to OpenSSL 3.0.0, <prefix>/lib was always used; now it is 

> I assume you were using --with-openssl.  You can work around this
> with --with-openssl-libs, but it would probably be better if you
> didn't have to if OpenSSL does this everywhere.
Yes, I was using --with-openssl=/home/iulius/work/openssl-3.0.0

Now, I have to use both --with-openssl=/home/iulius/work/openssl-3.0.0 
--with-openssl-lib=/home/iulius/work/openssl-3.0.0/lib64 as you say, for 
the build to work on Jessie.

On Debian Buster, I see symlinks for /libXX to /usr/libXX

lrwxrwxrwx   1 root root    7 Jan  8  2021 lib -> usr/lib/
lrwxrwxrwx   1 root root    9 Jan  8  2021 lib32 -> usr/lib32/
lrwxrwxrwx   1 root root    9 Jan  8  2021 lib64 -> usr/lib64/
lrwxrwxrwx   1 root root   10 Jan  8  2021 libx32 -> usr/libx32/

so the build would work fine without --with-openssl-lib

The issue comes with at least (old) Debian Jessie where I have /lib, 
/lib64 (with only inside) and /usr/lib (without 

> If we want to work around this bug, we need different logic for
> RRA_SET_LDFLAGS than for RRA_SET_LIBDIR, since it's incorrect on this
> system for the latter to use /lib64, but the former should presumably fall
> back to /lib64 if /lib is not present.

Yes, the fix is more complex than suggested in my previous message.
In the GCC C Farm, I for instance see Alpine with /lib and /usr/lib only 
but OpenSSL configure sets LIBDIR=lib64
So indeed the current logic when we set LDFLAGS without explicit 
--with-xxx-lib=<path> is broken with the new behaviour of OpenSSL 
3.0.0...  And maybe other software, I do not know.

Julien ÉLIE

« La vérité pure et simple est très rarement pure et jamais simple. »
   (Oscar Wilde)

More information about the inn-workers mailing list