[openssl-users] What version of OpenSSL source can be built with FIPS modules?

Viktor Dukhovni openssl-users at dukhovni.org
Tue Jan 19 20:06:20 UTC 2016

> On Jan 19, 2016, at 2:56 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> - Include additional patches to do "symbol versioning"
> wherever the 1.0.x libraries contain ABI differences
> that would otherwise break running software compiled
> to run against shared libraries built from the 1.0.0
> tree against shared libraries compiled from the 1.0.1
> tree (etc.).  Basically, they fix bugs in the binary
> compatibility within the 1.0.x upstream releases.

My reading of the symbol versioning in Debian is that no
effort is made to preserve the ABI.  Rather the symbol
versioning enables Debian to more accurately determine
minimum OpenSSL version dependencies when building other
packages that depend on OpenSSL.  And they allow the
same application to dynamically load, for example, both
the 0.9.8 and 1.0.0 (ABI so 1.0.0/1.0.1/1.0.2) shared libraries.

The Debian libraries do not AFAIK contain backwards-ABI-compatible
versions of obsoleted interfaces.


More information about the openssl-users mailing list