Open antecrescent opened 12 months ago
I'm not sure what the ideal solution is here. Unconditionally linking zlib if static libs are used doesn't seem like the right thing to do. Note that this problem doesn't only apply to zlib, but any library that openssl might optionally depend on (zstd, brotli, libxml, etc).
Ideally openssl would indicate what libraries it needs and would link those itself. Maybe we need to switch to use autotools instead?
FindOpenSSL.cmake exposes the found OpenSSL crypto library and its dependencies via the OPENSSL_CRYPTO_LIBRARIES
variable. Since cmake >= v3.26.0 it detects libdl, libz and the thread library on Linux systems using pkg-config. Other optional dependencies would still be an issue..
I've only ever used autotools as an end user. Unfortunately, I cannot give any input on whether a switch would be beneficial, sorry.
Problem/Question:
Do you support OpenSSL built with support for SSL/TLS compression? Your install scripts for OpenSSL build the library without it (
no-zlib
) but there is no mention of it in the build documentation.Currently, the build fails when the test binaries are linked against a static OpenSSL libcrypto with support for SSL/TLS compression:
Solution:
Account for the dependency on zlib, possibly like so:
Requirements / Acceptance Criteria:
What must a solution address in order to solve the problem? Either
AWS::crypto
's dependencies when it imports the static OpenSSL libcrypto with support for SSL/TLS compression.Out of scope:
The solution does not address the possibility that zlib may be used in the project but not be a dependency of OpenSSL.