[openssl-project] The problem of (implicit) relinking and changed behaviour

Richard Levitte levitte at openssl.org
Tue Apr 17 18:15:37 UTC 2018

In message <87d0yxq0m7.fsf at fifthhorseman.net> on Tue, 17 Apr 2018 09:05:52 -0700, Daniel Kahn Gillmor <dkg at fifthhorseman.net> said:

dkg> On Mon 2018-04-16 08:22:59 +0200, Richard Levitte wrote:
dkg> > Generally speaking, I don't necesseraly agree.  If the use of an API
dkg> > is perfectly valid for the conditions a program was built for, and
dkg> > then suddenly breaks down because the new kid in town wanna play,
dkg> > I find it hard to call that mis-use.  I would much rather have libssl
dkg> > do something along the lines of "oh, you're one of the old guys, let's
dkg> > use something that works for you".
dkg> But if that's the only API semantics, then there's no way for my project
dkg> that depends on libssl to say "do the best thing you know how to do", so
dkg> that i can get benefits from a simple upgrade.

Depends on what "the best thing you know to do" is.  In my mind,
simply refusing to run as before because the new kid in town didn't
like the environment (for example a cert that's perfectly valid for
TLSv1.2 but invalid for TLSv1.3) it ended up in isn't "the best thing
you know to do".

But I get you, your idea of "the best thing you know to do" is to run
the newest protocol unconditionally unless the user / application says
otherwise, regardless of if it's at all possible given the environment
(like said cert).

Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list