On 22/04/2015 21:49, Viktor Dukhovni wrote:
On Wed, Apr 22, 2015 at 09:04:04PM +0200, Jakob Bohm wrote:
For parallel installation of OpenSSL 1.0.2a and the OS
supplied OpenSSL 1.0.1 (with patches equivalent to the
latest release), modify SHLIB_VERSION_NUMBER from 1.0.0
to 1.0.2 in the folliwing files from the tarball:
The ABI version really is 1.0.0. Symbol versioning is the right
way to distinguish between 1.0.[012]. The Debian OpenSSL build
does symbol versioning to avoid conflicts between multiple libraries
that support the 1.0.0 ABI.
Yes, the ABI compatibility is only backwards compatibility, so
applications that link to a newer version of the library at compile
time, need to use the same or newer library at run-time.
Applications using a non-system library need to record a suitable
RPATH (often using "$ORIGIN" is a good bet if the application ships
a copy of the library). Ideally applications would use the system
supplied library, otherwise patching becomes rather difficult...
My observations were actually made on Debian. And I seem to recall
itwas the system daemons that failed, not my newly recompiled
daemons,though I may of cause be mistaken.
As for symbol versioning, if that is not in the upstream tarball,
any suchthings added by vendor compiles is just going to break
the ABI, in factthe absence of symbol versioning in my vanilla
compile may be whatcaused the problems for all the installed
packages.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
