Platform: NetBSD 1.6.1 x86 (full ./testlog attached below)
OpenSSL: 0.9.8b

openssl command fails to load, when built with
libssl and libprypto as both shared, and
the OS tries a good job on finding shared library dependencies on runtime.

>> kabe@vega% /usr/ssl/bin/openssl
>> Shared object "" not found

Standard problems, such as missing RPATH in the executable, is
already eliminated.

What is happening:
1) openssl executable is built with RPATH=/usr/ssl/lib, and
2) The dynamic loader first pulls in and,
using the executable's RPATH=/usr/ssl/lib as the search path,
which succeeds in loading
/usr/ssl/lib/ and /usr/ssl/lib/ .
3) The pulled in is built with
4) The dynamic loader thus tries to load,
this time using the default search path only,
which tries for only /usr/lib/,
and fails.
(This particular loader seems not try to compare filename or signature
for already loaded library)

Setting LD_DEBUG=1 will reveal the steps:

>> kabe@vega% env LD_DEBUG=1 /usr/ssl/bin/openssl version
>> processing mapping " machdep.fpu_present,
>> "
>> library ""
>> sysctl "machdep.fpu_present"
>> sysctl 7, 1
>> sysctl 7, 2
>> library ""
>> library ""
>> key "1"
>> /usr/libexec/ld.elf_so is initialized, base address = 0x480a2000
>> processing main program's program header
>> added path "/usr/ssl/lib" **** RPATH of openssl
>> preloading objects
>> loading needed objects
>> load by name 0x480af000
>> Searching for "" (0x480af200) **** request by openssl
>> Trying "/usr/ssl/lib/"
>> 0x480b5000 .. 0x480eefff: /usr/ssl/lib/
>> load by name 0x480af000
>> Searching for "" (0x480af200) **** request by openssl
>> Trying "/usr/ssl/lib/"
>> 0x480ef000 .. 0x48212fff: /usr/ssl/lib/
>> load by name 0x480af000
>> Searching for "" (0x480af200) **** request by openssl
>> Trying "/usr/ssl/lib/"
>> Trying "/usr/lib/"
>> added path "/usr/lib"
>> 0x48213000 .. 0x482b2fff: /usr/lib/
>> load by name 0x480af000
>> Searching for "" (0x480af400) **** request by
>> Trying "/usr/lib/" **** tries only default path, as RPATH of is unset
>> Shared object "" not found

The attached patch will always add the $(LIBRPATH) to RPATH,
also when building a shared library.

Workaround without the patch:
Build with "make SHARED_LDFLAGS=-Wl,-rpath,/usr/ssl/lib"

Note that the method of recursive searching the dependent shared library
is different on each OS;
- some os just ignores RPATH on *.so and only use the executable's RPATH
- some will use RPATH on the *.so individually for each loaded library (NetBSD)
- some will MERGE the current RPATH with the loaded *.so (IRIX)
so some platforms are, as the result, unaffected whether there's
RPATH on *.so or not.

There seems a debate many times on the list about setting RPATH
on the shared library, but it should NOT be a problem using ELF platform
on normal circumstances.

The Normal Circumstances:
- When compiling yourselves, you set the correct --prefix,
install where it should and off you go.
- When the Distributor wants the package to go to different directory,
he should first compile with --prefix with that directory.
- When the Administrator wants to install the package into directory
different from which the package defaults, he should setup
LD_LIBRARY_PATH himself. That's what the environ is for.

It could be a problem when the admin wants a twisted setup like
- the OS has /usr/lib/libz, /usr/lib/libssl and /usr/lib/libcrypto
- admin compiled the latest OpenSSL on /usr/local/lib
- he has another libz on /usr/local/lib/libz, which may or may not be new
(not unrealistic when you had built X11R* yourself)
- he wants the executables to use
/usr/local/lib/libssl, /usr/local/lib/libcrypto with /usr/lib/libz
but the admin already needs to grok with Makefile to properly link
with libs he wants. OpenSSL does't have to support that far.

OpenSSL self-test report:

OpenSSL version: 0.9.8b
Last change: When applying a cipher rule check to see if string matc...
Options: --prefix=/usr/ssl --openssldir=/usr/ssl enable-shared enable-zlib-dynamic no-asm no-gmp no-idea no-krb5 no-mdc2 no-rc5
OS (uname): NetBSD 1.6.1 NetBSD 1.6.1 (QQQ) #10: Thu Jun 19 18:21:56 JST 2003 i386
OS (config): i686-whatever-netbsd
Target (default): BSD-x86-elf
Target: BSD-x86-elf
Compiler: Using builtin specs.
gcc version 2.95.3 20010315 (release) (NetBSD nb3)

Test passed.

==== PATCH
diff -6 -ur openssl-0.9.8b-orig/Makefile.shared openssl-0.9.8b/Makefile.shared
--- openssl-0.9.8b-orig/Makefile.shared Sat Dec 17 05:52:38 2005
+++ openssl-0.9.8b/Makefile.shared Thu Aug 31 17:25:14 2006
@@ -148,13 +148,13 @@

SHLIB=lib$(LIBNAME).so; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"


#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
#do with shared libraries, for example when linking against static

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager