I'm working on an application that uses Boost.Beast and TLS connections. As part of my application's build process, I need to compile OpenSSL into a static library. OpenSSL takes a long time to compile and I'm trying to reduce the build time. I see that OpenSSL's config script has many options for disabling parts of the library.
Is there a list of all the OpenSSL options that I can safely disable, and still be able to use TLS connections via Beast?
The reason I'm not using the preexisting shared library is that I want to be able to deploy a portable, self-contained binary to a target device other than my development PC.
For convenience, here is the link to the OpenSSL document listing config options: https://github.com/openssl/openssl/blob/master/INSTALL
I am not aware of an exhaustive list.
A good start are the build options for embeded systems like openwrt.
https://github.com/openwrt/openwrt/blob/master/package/libs/openssl/Makefile
or buildroot.
https://github.com/buildroot/buildroot/blob/master/package/libopenssl/libopenssl.mk
Related
Problem
How can I distribute a c++ library as source code along with the source code of libcurl and let the consumer of the library handle building it as needed? I'm using FastBuild as a build system.
Context
I have a C++ library that I distribute as source and let the clients handle building it along with their code.
The repo includes the source for a dependency as well, tinyxml, which is built along with the library itself thus becoming completely transparent for the clients.
It has worked fine up to now but clearly does not scale well for more complex dependencies, such as libcurl.
Things I've considered as an alternative to bundling libcurl's source
have pre-compiled libraries of libcurl. But I don't know which platforms/flags the consumer is going to use
have libcurl installed on the build machine. It would require extra setup steps for the consumer, it won't be just pulling the code and using
Edit 1: Update with build system
You didn't mention which build system are you using.
If you are using cmake, you can make use of ExternalProject_Add to download/build/install the dependent library.
See examples:
https://cmake.org/cmake/help/git-stage/module/ExternalProject.html#examples
If I understand you correctly you need that any client who obtains source code of your library would be able to also obtain corresponding source code of libcurl and tinyxml libraries.
Personally I would use cmake for that purpose as #brokenfoot has already suggested. But instead of ExternalProject_Add it seems that in your case FetchContent would be enough and less complicated: https://cmake.org/cmake/help/latest/module/FetchContent.html
To set CAINFO option on CURL* currently I am including the CACert.pem file downloaded from https://curl.haxx.se/ca/cacert.pem with the binary.
Is there a way to have that file included within project so that its within binary and there is no need to explicitly specify CAINFO option?
I believe there is some way, because the same calls without setting CAINFO work on OSX where I am using system curl library.
It depends!
libcurl itself can get built to use a large number of different TLS libraries and they all have their own little differences. The devil is really in the details as usual.
mac
The "native" libcurl on macOS is built to use the internal "secure transport" TLS library and by default it uses the internal "trust store" that Apple ships. Most applications thus won't need to provide any CA certs.
Many people are however opting to use their own custom build on mac as well and then it may use nother TLS library (mostly done since the native mac one is fairly limited in functionality).
windows
Similarly, libcurl on windows built to use schannel (the native windows TLS solution) can use the Windows internal trust store.
A libcurl on Windows that is built to use OpenSSL, however - which is the most popular TLS library choice - needs a separate and provided trust store to use, since it won't use the default one. You can then provide that trust store either as a separate file to pass to libcurl or you set it using the CURLOPT_SSL_CTX_FUNCTION callback as show in the cacertinmem example from the curl web site.
I built a simple c++ application using Netbeans on ubuntu.
in the application I use mysql_connection and curl.
the application is working fine on my local system (Ubuntu)
when I tried to run the application on my Centos server I get this message:
error while loading shared libraries: libmysqlcppconn.so.5: cannot open shared object file: No such file or directory.
tried to check if the libmysqlcppconn.so.5 library exists on the server or not I found that there is the following:
REMOTE (Centos)
**in [/usr/local/lib]**
libmysqlcppconn-static.a
libmysqlcppconn.so#
libmysqlcppconn.so.7#
libmysqlcppconn.so.7.1.1.3*
LOCAL (Ubuntu)
**in [/usr/lib]**
libmysqlcppconn-static.a
libmysqlcppconn.so#
libmysqlcppconn.so.5#
libmysqlcppconn.so.5.1.1.0*
why can't the application run? How can I fix it?
You should build and package it for your server.
Your application was linked against a different (incompatible) version of one of the libraries it uses.
IMHO the simplest is often to build it on the box it is going to run on.
In general, there is no guarantee that a binary built on a Linux system will work on a different Linux system (either a different distribution or a different version of the same distribution). For some applications it's enough to copy the library files (lib*.so*) or linking it statically (gcc -static), but in general distributing programs for multiple Linux systems is more complicated without an easy solution.
One solution is to recompile your program for each system you want to run it on. For that you need to install the compiler and the library dependencies (including the *-devel packages) first to those systems.
I have a NPAPI plugin that is used for Screen-sharing.
For that I am using zlib, jpeg, tight-vnc libraries along with a library(say libX) that is developed by me.
Now I wish to port it to NaCl.
libX has structure like:
/X/commonfiles
/X/win/*.cpp *.h
/X/linux/*.cpp *.h
/X/mac/*.cpp *.h *.mm
These directories contain cpp files specific to the platform.
I make use of makefiles to compile them according to the platform.
But I am unable to understand how NaCl toolchain will generate a nexe or pexe from my library/code.
Is there any makefile we have to consider or any other thing I'm missing.
Please Help!
Thanks!!!
First, NaCl is a sandboxing technology that provides security when running native code in a browser. As such, you will not be able to access the user's filesystem directly (as you would be able to with an NPAPI plugin). You may need to modify your library to support NaCl as a new "operating system".
That said, a lot of functionality is available through the Pepper Plugin API (PPAPI), which allows your NaCl plugin to communicate with the browser. In addition, the nacl_io library that comes with the NaCl SDK provides a more familiar POSIX-like interface, to support File I/O and sockets.
It shouldn't be too hard to try building your library using the pnacl toolchain as follows:
Download the Native Client SDK. When you're done, you should have a directory called pepper_31 that contains the Native Client SDK.
The Native Client build will likely be most similar to your Linux port. In your makefile, change any build rule that executes your native toolchain to use the pnacl toolchain instead, e.g.
g++ => pepper_31/toolchain/linux_pnacl/bin/pnacl-clang++
ar => pepper_31/toolchain/linux_pnacl/bin/pnacl-ar
etc.
Try building your Linux build. You probably will have some compilation failures, maybe from missing libraries, maybe from header differences. Depending on what your library does, you may need to modify it to use the PPAPI, to access things like graphics, sockets, URL requests, File IO, etc.
Once you do this, you'll likely have some more specific questions about how to implement features that you need. :)
I am completely new to Native Client and unfortunately I am also quite inexperienced with 'make', compiling etc., so I hope you may give me some basic information on how to approach my
problem.
So what I am trying to accomplish is compiling a C++ library for using it in a NaCl application.
First I have my application based on the examples delivered with Pepper, which I simply compile using the attached 'make.bat'.
Well then I downloaded the source code of the library, containing folders like 'config' and 'src', so first i would have to call 'configure', 'make', 'make install'. But i would like to let the library compile with that 'make.bat', so I guess I would have to append the complex configure/Makefile scripts of the library to the Makefile of my NaCl application?
How can that be done?
Where can i find useful information and/or help?
Thank you!
You can look to nacl ports project to see how porting libraries to NaCl can be done. NaCl ports works best on Linux platform, so you better have a virtual machine with it or work on it directly.
There is one more trick to port libraries. People create wrapper scripts around compiler and linker. These wrapper scripts call nacl compiler and linker but they also create a shell script that calls the resulting NaCl executable using sel_ldr. This script is returned instead of executable (this is Linux-only trick). This way configure and make can execute NaCl code and do not suspect anything. So normal configure/make process can be used, we just need to set compiler and linker to these wrapper scripts.
Since you are probably not going to develop library itself, it is best to compile it once and then use it in your makefile. Add -l option with the name of your library and -L option with path to library directory. You can use GLIBC_LDFLAGS variable in the example makefile for these options.
Did you know that you can use Visual Studio to developer NaCl applications?
http://mainroach.blogspot.com/2012/10/official-nacl-vs2010-add-in-available.html