Re: Is it possible to force an application to use newer OpenSSL from pkgsrc?

[Jeffrey Walton <noloader%gmail.com@localhost>]

On Mon, Mar 29, 2021 at 3:02 PM Jason Mitchell <jmitchel%bigjar.com@localhost> wrote:
>
> > This loads the newer SSL libs. before the normal shared libs. are
> > tried. The runtime linker will then be able to satisfy program function
> > dependencies using the preloaded libraries.
> >
> > I still prefer the "building stunnel from source against the pkgsrc
> > OpenSSL"
> > method.
>
> Thanks for the info. I actually did rebuild stunnel from source but it
> still links against OpenSSL 1.1.1g. Did I need to set the
> LD_LIBRARY_PATH before make? Thanks!

I don't believe the issue is not NetBSD specific. It is a general
problem of programs linking against one version of the library at
build time, and then runtime linking against the wrong version of the
library at runtime. It is a plague on users. The idiots who thought
that was a good idea should be tarred, feathered and hung from a yard
arm.

You have a couple choices. First, switch to an operating system that
has fixed the problem, like OS X or Solaris.

Second, jump through hoops like setting RPATHs and RUNPATHS at compile
time, or using LD_LIBRARY_PATH at runtime.

I prefer to set RPATHs and RUNPATHS so I don't have to dick around
with LD_LIBRARY_PATH. OpenSSL has a wiki page on it at
https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs.

You should use a RUNPATH or RPATH for both OpenSSL and Stunnel.

Jeff