On 2006.10.20 at 12:05:11 +0400, Victor B. Wagner wrote:

> Second problem with cross build is that make does certificate
> rehash, using freshly compiled c_rehash program. It doesn't lead to make
> failure, but it would be nice to be able to redefine c_rehash as well,
> and use one from host system OpenSSL during build stage (of course, for
> cross-builds only).

More detailed problem with c_rehash under Win32:

I. Running make rehash in Win32/msys environment using ActiveState perl

1. msys shell pwd command without -W option outputs path which looks
like /h/src/openssl, which confuses ActiveState Perl. It understands
only h:/src/openssl.

2. ActiveState perl doesn't consider util/opensslwrap.sh executable
and reports 'openssl' command not found. Really opensslwrap script is
not needed under win32, because openssl.exe would always search for DLL
in the directory where it resides itself, and DLLs are copied there
during build process. File with .exe suffix is recongnized as
executable, so passing OPENSSL="`pwd -W`/apps/openssl.exe" to c_rehash makes
it work under msys+AS perl environment. But due to problem 3 it only
reports a lot of "file not found" errors.

3. c_rehash uses signle quotes around filename to pass certificate name
to openssl x509 -hash

my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;

It doesn't work with ActiveState perl (which is most widespread native
Win32 perl implementation). Really, it doesn't work with any
implementation of Perl which uses native Windows command interpreter to
handle backtick commands. Changing single quotes there to double quotes
makes command more universal.

II. Running c_rehash on non-windows build platform.

It only requires way to override OPENSSL variable passed to c_rehash.
Something like HOST_OPENSSL=/usr/bin/openssl

So, if we write make rehash target following way:

rehash: rehash.time
rehash.time: certs
(if [ $$OSTYPE = msys ]; then \
OPENSSL=$${HOST_OPENSSL:-`pwd -W`/apps/openssl.exe};\
echo $$OPENSSL;\
$(PERL) tools/c_rehash certs)
touch rehash.time

and change signle quotes to double in the c_rehash
functions link_hash_cert and link_hash_crl (this is a bit tricky because need
to escape double quotes properly, counting all rounds of substitution which can occur),

this would work in msys, and also would allow to make rehash on cross-build platform by adding HOST_OPENSSL=/usr/bin/openssl (or whereever your native openssl binary is) when doing make.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org