[openssl-project] The problem of (implicit) relinking and changed behaviour

Salz, Rich rsalz at akamai.com
Sun Apr 15 16:55:55 UTC 2018

    > I believe we were led into the current situation, because our tests don't completely work *going backwards.*  Do the 1.1.0 tests basically work *going forwards* ?
>    It is unclear what you mean by forwards and backwards, but some 1.1.0
    tests failed when using a 1.1.1 library.  However, the tests that I
    read about failing were testing artificial expectations that are only
    appropriate for the same library as the tests.  The tests can be fixed
    to make their expectations more explicit (by e.g. setting the max protocol
    version to the largest supported by the corresponding library).
Good point.  I meant our 1.1.1 tests don't completely work when linked with 1.1.0 library.  I am not surprised about that as I am sure there are all sorts of hidden assumptions in the 1.1.1 tests.  Now it seems to turn out that there are only a couple of assumptions, and that maybe we can fix them.  As I said initially, I don't see that as worth any effort, but others are free to disagree and have.

Do our 1.1.0 tests work when linked against the 1.1.1 library?  Even then, there might be some failures because some of those tests probably say "pick any protocol" and they were written at a time when 1.3 was not available so might explicitly test, for example, that "any protocol" meant "got 1.2"  It would be interesting to test 1.1.0 against the 1.1.1 library, and then analyze the failures and see which, if any, indicate bugs in the 1.1.1 compatibility.

Again, to repeat myself, we have datapoints that 1.1.0 programs can use 1.1.1 library with no problems. We do not have any datapoints that typical 1.1.0 programs fail when using 1.1.1 library. 

More information about the openssl-project mailing list