Linking with xlC on AIX: Choose a specific library version

Question

I'm trying to dynamically link a C++ application with libssl (and libcrypto) on an AIX development machine using the xlC compiler. The problem is, that the SSL version installed on the development machine differs from the version installed on the target system in that libssl on the development machine has the version 1.1, but the target system has version 1.0.2 installed. So the execution of the application's binary on the development system works just fine, but the application fails to start on the target system since it tries to load the newer libssl.so.1.1 which simply does not exist there:

exec(): 0509-036 Cannot load program /path/to/app because of the following errors:
        0509-150   Dependent module /usr/lib/libssl.a(libssl.so.1.1) could not be loaded.
        0509-152   Member libssl.so.1.1 is not found in archive

Note that the application doesn't make any use of symbols defined in the newer version and thus should be able to run with libssl.so.1.0.2 without any problems.

I did some research and understand that on AIX archive files like libssl.a can contain multiple versions of the library. This is the case for libssl.a on my development machine:

$ ar tv /usr/lib/libssl.a
rw-r--r--     0/0     728674 Sep 22 08:09 2022 libssl.so
rw-r--r--     0/0     510766 Sep 22 08:09 2022 libssl.so.0.9.8
rw-r--r--     0/0     728674 Sep 22 08:09 2022 libssl.so.1.0.0
rw-r--r--     0/0     728674 Sep 22 08:09 2022 libssl.so.1.0.2
rwxr-xr-x     0/0     1030429 Sep 22 08:10 2022 libssl.so.1.1

So in general libssl.so.1.0.2 should be available on the development machine. I wasn't able to determine how the compiler chooses the lib's version to link against. My guess is, it defaults to the newest version, but I'm not really sure here.

Is there any possibility to tell the xlC compiler to link my application with a specific version of libssl?

For the build process, create a special libssl.a archive which contains only the desired element. (Same for libcrypto.a) — Lorinczy Zsigmond, Jun 16 '23 at 18:23

score 1 · Answer 1 · answered Jun 17 '23 at 04:45

So in general libssl.so.1.0.2 should be available on the development machine.

That is not the library you can link against.

I wasn't able to determine how the compiler chooses the lib's version to link against.

Read about external library versioning here.

You can not "just link" against libssl.1.0.2, you must recompile against headers matching that version, or you'll get random crashes due to ABI mismatch.

So what you have to do is download, compile and install (into a non-system location, say $HOME/libssl-1.0.2/) libssl-1.0.2, then rebuild all of your object files pointing to that location (using -I $HOME/libssl-1.0.2/include), and finally link against the installed 1.0.2 library (-L $HOME/libssl-1.0.2/lib -lssl).

Chris Bowler · Answer 2 · 2023-06-19T18:58:32.243

Random note: it appears the AIX linker prefers to resolve symbols in the first archive member shared object before the latter.

In this case, I suspect the earlier shared objects are load-only for load compatibility. If you link against version X of libssl then you should load against X or later. If your build environment is newer than your run environment, you need a way of linking against minimum run environment version of the library (as the earlier poster instructed.)

Linking with xlC on AIX: Choose a specific library version

2 Answers2