1

I'm using a library that uses OpenSSL, which I haven't used before.

When building OpenSSL 1.1.0, you can supply the configure script with the absolute path the OpenSSL folder. (The default for a 32-bit Windows build is C:\Program Files (x86)\Common Files\SSL.)

This absolute folder name then ends up in the libcrypto library. (There seem to be two main uses of this: some stuff in the X509 code, and in the "engines" system.)

My code is itself a library, to be provided as a DLL for use by 3rd party software, so the idea of having absolute paths baked into it seems a bit unappealing.

But I downloaded some guy's binary build of OpenSSL and that had references to D:\opensource\openssl-dist-1.1.0b-vs2015\openssl-x64-shared-debug-vs2015\lib\engines-1_1... even though I doubt many computers have that folder.

So should I just be ignoring this?

Should I be doing something to stop OpenSSL accessing these paths at runtime?

Should I be configuring them at runtime somehow?

(I imagine something similar with apply to OS X. For Linux I will probably just have my library link with the system version of OpenSSL.)

Tom Seddon
  • 2,648
  • 1
  • 19
  • 28
  • 1
    Also see [Which directory is the openssldir?](http://stackoverflow.com/q/24959340), [How to change OPENSSLDIR on Ubuntu?](http://stackoverflow.com/q/38337740) and [Correct location of openssl.cnf file?](http://stackoverflow.com/q/21477210) – jww Nov 17 '16 at 00:43
  • 1
    Also see [CONF-less OpenSSL configuration?](https://mta.openssl.org/pipermail/openssl-users/2016-November/004854.html) on the OpenSSL mailing list. I have been meaning to ask about that for some time. – jww Nov 17 '16 at 01:04

0 Answers0