I am trying to link openSSL directly into my application to see if I can figure out how to distribute my application as a hardened run time. (Sure, I can put the two dylibs into my .app package and sign them, and make the whole thing a hardened run time, but libssl has a non-versioned dependency on libcrypto and OSX won't allow that in a hardened run time. I can set up a pipeline to do a custom compile of openSSL with a modified link dependency, according to the openSSL mailing list, but someone there suggested that I just link the openSSL code directly into the binary. Sounds like a good idea to me if it works, and $Linklib looks like it should do the job.
Well... not so easy. I link the .a into my code on a Mac M1 with the instruction:
{$IFDEF FPC}
{$DEFINE STATICLOAD_OPENSSL}
{$LINKLIB libcrypto.a}
{$LINKLIB libssl.a}
{$ENDIF}
(The STATICLOAD_OPENSSL is a define in the openSSL 1.1x branch of Indy)
When I compile, I get this error:
Error: linker: "___chkstk_darwin", referenced from:
Debug: _BN_mod_exp_mont_consttime in libcrypto.a(bn_exp.o)
Debug: _do_ssl3_write in libssl.a(rec_layer_s3.o)
Debug: _tls_parse_ctos_cookie in libssl.a(extensions_srvr.o)
Debug: _curve448_base_double_scalarmul_non_secret in libcrypto.a(curve448.o)
Debug: _ERR_print_errors_cb in libcrypto.a(err_prn.o)
Error: ld: symbol(s) not found for architecture arm64
All the online help I can find suggests that this is OS version problem in the linker. And indeed, prior to that, I get 100s of errors like this:
Error: ld: warning: object file (/Users/grahame/work/tools/fpc/units/aarch64-darwin/rtl/sysinit.o) was built for newer macOS version (11.0) than being linked (10.
One of these for every pascal unit in my code, and one for every c module in the openSSL code, finishing like this:
Error: ld: warning: object file (/Users/grahame/work/openssl/libcrypto.a(p12_attr.o)) was built for newer macOS version (11.0) than being linked (10.
The environment make file is /usr/bin/make - is that the linker? How should I fix the macOS linking version error? and will that fix the openSSL linking error?
btw,
* if I define -Xt, then I get a different error: "Error: ld: library not found for -lc". Should I do something about this? c?
* if I define -WP11.0, which some posts here seem to suggest, I get that this is an unrecognised compiler option. (or any other number)
As you can probably tell, I'm completely ignorant about linking stuff, and I have no idea how to progress this...
btw, Lazarus + FPC = trunk yesterday. Mac = Mac M1 running Big Sur 11.6. Xcode v13.0. Are any other versions relevant?