For those who plan to upgrade from 0.9.6x (x < 'h') to 0.9.6h

Sun, 08 Dec 2002 15:31:42 -0800 

Prompted by a user, I ran a test to see if I could detect any binary
incompatibilities.  To do that, I had to make sure that the OpenSSL
versions I was gonna test would have all programs linked with the
shared libraries rather than the static libraries.  I did it like
this:

 make DIRS='crypto ssl rsaref' all
 make DIRS='test apps tools' sub_all
 mkdir save-so
 mv lib*.so* save-so
 echo To test, do: LD_LIBRARY_PATH='`pwd`/save-so' make test

Running the internal tests becomes easy, as the echo instructs:

 LD_LIBRARY_PATH=`pwd`/save-so make test

To do a comparative test, I did the above script in the directories
openssl-0.9.6e and openssl-engine-0.9.6h.  Those two directories are
of course the result of unpacking those two distributions.

When I had built everything, I simply did this:

 cd openssl-0.9.6e
 LD_LIBRARY_PATH=`cd ../openssl-engine-0.9.6h;pwd`/save-so make test

It ran perfectly.  That at least shows that applications originally
linked with the shared libraries from 0.9.6e can run with the
libraries from 0.9.6h (even the engine variant).

For OpenSSH user: you have a BIG gotcha to deal with!  You will have
to recompile that one.  The problem is that they have inserted some
code to verify that the compiled-in OpenSSL version number (via the
macro OPENSSL_VERSION_NUMBER, which is found in opensslv.h) with what
is returned by the function SSLeay() (which returns the value of
OPENSSL_VERSION_NUMBER, *as compiled into the library*!).  If you
upgrade libcrypto.so, the two numbers won't be equal, and OpenSSH will
abort.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to