[openssl-users] openssl 1.0 and 1.1 co-exist

Jakob Bohm jb-openssl at wisemo.com
Thu Jun 22 11:05:43 UTC 2017


On 22/06/2017 04:31, Viktor Dukhovni wrote:
> On Wed, Jun 21, 2017 at 01:44:34PM -0400, Ken Goldman wrote:
>
>> This is probably Linux specific ...
>>
>> Can both openssl versions co-exist on the same platform.  I know that the
>> .so is versioned, but how about the header files?  Can I choose which
>> library to build with?
> Yes, with care.  I support systems where the base platform (debian)
> provides OpenSSL 1.0.1 in /usr/{include,lib,bin}, and I additionally
> deploy OpenSSL 1.0.2 and OpenSSL 1.1.0 in:
>
> 	/opt/openssl/1.0/{include,lib,bin}	OpenSSL 1.0.2
> 	/opt/openssl/1.1/{include,lib,bin}	OpenSSL 1.1.0
>
> These builds employ custom ELF symbol versions and custom ELF
> SONAMEs, and custom RPATHs, so that they can coexist without conflict
> in a single running process with the system OpenSSL library.
>
> Applications that use my builds can then be compiled with (for
> example):
>
>      -I/opt/openssl/1.1/include \
>      -L/opt/openssl/1.1/lib \
>      -Wl,-R,/opt/openssl/1.1/lib

I maintain a few Debian systems where 1.0.2 and the system 1.0.1
coexist solely based on so-names (I modified the 1.0.2 Makefile
to set a different version in the so-name).  Applications builds
(and thus headers) for the different versions are not on the same
machines, only the compiled binaries.

For this simplified scenario (only one set of headers etc. per system),
self-compiled OpenSSL simply goes in /usr/local with no use of Rpath.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list