[openssl-dev] version script
Matt Caswell
matt at openssl.org
Mon Feb 8 14:36:37 UTC 2016
On 08/02/16 13:41, Catalin Vasile wrote:
> I'm trying to compile a custom OpenSSL library to work with nginx.
> nginx requires that the SSL library have version data included in the .so files, so I'm using this patch[1] for this.
> The problem is that if I set the library versiont to 1.0.1 into that script, when I start nginx or trigger ldd on nginx I get:
> /usr/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found
> If I set that version to 1.0.0 I get:
> /usr/lib/libssl.so.1.0.0: version `OPENSSL_1.0.1' not found
> Can someone help me out to understand what is going on?
Each symbol will have a different version depending on what version of
OpenSSL it was first introduced in. If a symbol is in both 1.0.0 and
1.0.1 it will have a version of OPENSSL_1.0.0. If a symbol is only in
1.0.1 it will have a version of OPENSSL_1.0.1.
You can see the symbol versions for the system supplied version of
libcrypto/libssl like so:
readelf -Ws /path/to/libcrypto.so.1.0.0 | grep OPENSSL_1.0
Compiling up your own version of OpenSSL and manually adding your own
symbols is possible but fraught with problems. It's best to avoid it if
at all possible. In spite of what you say above nginx does not require
symbol versions to be present...*only* the system supplied version does.
If you obtain a version of nginx from somewhere else then it won't have
this issue.
Also, IIRC, the warnings you get if you don't have symbol versions are
just that - warnings. You should be able to ignore them and continue anyway.
Matt
More information about the openssl-dev
mailing list