Question about Open SSL 1.0.2 series compatibility
Kenneth Goldman
kgoldman at us.ibm.com
Thu Dec 7 14:07:29 UTC 2023
My understanding is that openssl does not guarantee binary compatibility at major releases.
A big value-add of the distros like RHEL is that they recompile everything and guarantee that it all works. Replacing with a custom openssl, or any other system library, will probably break applications.
I would try either static link to your old version or link to a local old version, but not install openssl in the system area.
The ideal solution would be to get your customers off RHEL7, which was end of life 3 years ago, but you may have no choice.
From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Fox, Shawn D (US) via openssl-users
Sent: Wednesday, December 6, 2023 7:34 PM
To: openssl-users at openssl.org
Subject: [EXTERNAL] Question about Open SSL 1.0.2 series compatibility
I’m supporting a project that has been using the openssl 1. 0. 0 series built for RHEL7 for some time now. OpenSSL 1. 1. 1 has breaking API changes, so I’ve built OpenSSL 1. 0. 2u for starters in order to upgrade to that version first,
I’m supporting a project that has been using the openssl 1.0.0 series built for RHEL7 for some time now. OpenSSL 1.1.1 has breaking API changes, so I’ve built OpenSSL 1.0.2u for starters in order to upgrade to that version first, but I am building for both RHEL7 and RHEL8. I have a couple of questions that I haven’t found answers for searching the web yet.
Is OpenSSL 1.0.2 compatible with native apps built for RHEL8? Although it might not be ideal can it work on RHEL8? I’ve built it on RHEL8 and I have used the openssl binary to read some cert files with the x509 sub-command, and it seems to produce the same results on RHEL7 and RHEL8 using the program from within bash shell. That leads me to believe that I should be able to link a native c++ app with openssl 1.0.2u and run that on RHEL8 successfully.
Is OpenSSL 1.1.1 compatible with RHEL7?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231207/007b43e9/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5357 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231207/007b43e9/attachment-0001.p7s>
More information about the openssl-users
mailing list