<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 01/12/2017 02:10 PM, Perrow, Graeme wrote:<br>
<blockquote
cite="mid:dd30cbd17c8f4628a8df3838b003252f@DEWDFE13DE08.global.corp.sap"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">We are shipping OpenSSL (1.0.2j) shared
objects built with FIPS, which are automatically loaded when
the application starts. But if our software directory is in
the path (or LD_LIBRARY_PATH or platform equivalent) earlier
than the system directories, then other applications that load
OpenSSL dynamically (eg. ssh on some systems) could use our
libraries rather than the system ones. This is not a huge deal
except that we may want to disable certain algorithms that we
don’t use, and we don’t want to break system utilities that do
use them.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We would like to avoid this by renaming
these libraries, i.e. libMYcrypto.so.1.0.0 and
libMYssl.so.1.0.0, and then we’ll know that only our
application would load them. Simply renaming the files is
obviously no good, and I’ve found that renaming them before
linking with them does not work either.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It would seem that the names “libcrypto”
and “libssl” are hard-coded in a million places within
Makefiles and scripts and such. Is there a way to solve this
problem? This would apply to Linux, HP-UX, and Solaris.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p><br>
</p>
</div>
</blockquote>
<br>
The full SONAME is used at runtime linking to locate the correct
library to use, so you may have an easier time just setting the
library version number to something unlikely to conflict with an
official release -- that's just a one-line change in
crypto/opensslv.h, SHLIB_VERSION_NUMBER.<br>
<br>
-Ben<br>
</body>
</html>