Thursday, December 23, 2010

Compiling OpenSSL for pkcs11

To compile OpenSSL with pkcs11 engines, you need to apply a special patch, which can be found at Miscellaneous OpenSSL Contributions. This patch is maintained by Jan Pechanec, whose blog has more information about it.

The latest contribution is for OpenSSL 0.9.8j, but at the time of writing, OpenSSL was at 0.9.8p. I spent about an hour and patched his patch to the latest release. You'll at least need to change the shebang.

Using the Solaris Cool Tools version of gcc (GCC4SS) version 4.3.3, I can use additional niagara2 optimizations that are not available with the OS-bundled gcc.

My compile script ends up looking like this (minus my environment variables):

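# Unpack the source tarball
gunzip -c "openssl-${OPENSSL_VER}.tar.gz" | tar xfvp -
# Change to the build directory (stop here if it is missing, so the patch is not applied elsewhere)
cd "openssl-${OPENSSL_VER}" || exit 1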
# apply pkcs11 patch
gpatch -p1 < ../pkcs11_engine-0.9.8p.2009-11-19/pkcs11_engine-0.9.8p
# fix the solaris optimizations to use niagara2
cp Configure Configure.old
nawk ' /solaris64-sparcv9-gcc/ { gsub(/-mcpu=ultrasparc/,"-mcpu=niagara2"); print $0 } ! /solaris64-sparcv9-gcc/ { print $0 } ' Configure.old > Configure
# note the --pk11-libname parameter added by the patch
./Configure --prefix=${OPENSSL_DIR} --pk11-libname=/usr/lib/sparcv9/libpkcs11.so threads shared solaris64-sparcv9-gcc -R${GCCRT_DIR}/lib/sparcv9 -L${GCCRT_DIR}/lib/sparcv9
make
make install
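
Because the script above rewrites the Configure file of a crypto library before building it, it is worth confirming that the rewrite touched only the solaris64-sparcv9-gcc entry. The following is an added example, not part of the original post: the function names are hypothetical, and it uses POSIX awk instead of nawk so that it also runs off Solaris.

```shell
#!/bin/sh
# Added example (not from the original post): redo the -mcpu substitution
# with POSIX awk and verify that nothing else in Configure changed.

TARGET='solaris64-sparcv9-gcc'   # Configure target named in the post

# Same edit as the post's nawk one-liner.
# usage: retarget_cpu Configure.old > Configure
retarget_cpu() {
    awk -v t="$TARGET" '
        index($0, t) { gsub(/-mcpu=ultrasparc/, "-mcpu=niagara2") }
        { print }
    ' "$1"
}

# Returns 0 only if:
#   - both files have the same number of lines,
#   - every line that differs is a target line whose new text is exactly
#     the old text with -mcpu=ultrasparc replaced by -mcpu=niagara2,
#   - at least one such line exists (the edit really happened).
# usage: verify_retarget Configure.old Configure
verify_retarget() {
    awk -v t="$TARGET" '
        NR == FNR { old[FNR] = $0; n = FNR; next }   # first file: remember lines
        { m = FNR }                                   # second file: count lines
        $0 != old[FNR] {
            want = old[FNR]
            gsub(/-mcpu=ultrasparc/, "-mcpu=niagara2", want)
            if (index(old[FNR], t) && $0 == want) hit++
            else bad++
        }
        END { exit (bad || !hit || n != m) ? 1 : 0 }
    ' "$1" "$2"
}

# In the build directory, after the cp/nawk step and before ./Configure:
#   verify_retarget Configure.old Configure || {
#       echo "unexpected change in Configure" >&2; exit 1; }
```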
