Idea: dlopen OpenSSL

[probonopd]

http://www.bruijntjes.net/blog/post/8c504e2f4a79ff837221d77183c88d00

Static linking is not a good alternative for us either. The OpenSSL library is available on most systems, so it would be a waste of resources if we had linked it statically. But more importantly: the OpenSSL library is frequently updated. Every time that a security issue is fixed in OpenSSL, a new version gets installed. We would have to bring a new version of MailerQ out too if we had used static linking.

Luckily there is a third alternative to static and shared linking: calling dlopen(). With this system call it is possible to open a shared library and use the functions from it, without having to link with it. Your program just starts, and when it finds out that it needs to use a function from a specific library, it calls dlopen() to open that library. If the library is not available on the system, the function returns NULL and it is up to you, the programmer, to handle that. You can let the program gracefully die, try an alternative (older) version of the same library, or use a completely different library that offers the same sort of features. The downside of dlopen() calls is that it is a little slower, and that it adds complexity to your program as you suddenly need to manage pointer-to-functions.

We've used dlopen() for loading the methods from the OpenSSL library. When MailerQ starts, it tries to locate a version of the OpenSSL library that is known to be sufficient for MailerQ, and it uses the functions from that library. By using dlopen() in such a way we've managed to create a single executable file that can be installed on many different Linux distributions, and that uses the version of OpenSSL that is available.

[crayxt]

Please fix the subject, OpenSSH -> OpenSSL, thanks,