[openssl-users] How to compile OpenSSL 1.0.x with versioned symbols ?

Matt Caswell matt at openssl.org
Thu Jul 19 08:59:30 UTC 2018

On 19/07/18 07:08, pratyush parimal wrote:
> Hi all,
> Are people familiar with how to get symbols versioned with versions
> like "OPENSSL_1.0.x" in the libcrypto.so after compiling it
> yourselves?

OpenSSL as sourced from the OpenSSL project does not support this in 1.0.x.

> Problem is, on execution my application complains that: "OPENSSL_1.0.2
> not found". Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so
> on the CentOS machine, I see some symbols versioned with the version
> number "OPENSSL_1.0.2" within the library. But these seem to be
> missing in the libcrypto.so which I built using the instructions
> above. Any idea how to get those symbols in ? Or how to get around
> this issue?

Vendors often patch OpenSSL with their own system specific changes. I
know Debian did this to add symbol versioning for 1.0.x. It seems CentOS
does too.

> Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not
> have this problem. In fact, as part of the build process, it seems to
> generate two map files: ssl.map and crypto.map, which get passed as
> --version-script=ssl.map and --version-script=crypto.map sometime to
> the compiler. I also noticed that in that version of OpenSSL, there's
> a script called util/mkdef.pl which generates those map files.

Yes, this was a new feature we added to 1.1.0.

> OpenSSL 1.0.2k for example, does not seem to generate those map files
> as part of the build process. Any idea how to generate them? I saw an
> example of how CentOS seems to be putting versioned symbols in using a
> patch (https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch),
> but if someone could explain how to do that for any OpenSSL version,
> it would be very helpful.

You could try applying the CentOS patch to your own sources - but there
is no official way to do this. Alternatively you could try building from
the CentOS provided sources.


More information about the openssl-users mailing list