Question about Open SSL 1.0.2 series compatibility

Viktor Dukhovni openssl-users at dukhovni.org
Thu Dec 7 17:36:26 UTC 2023


On Thu, Dec 07, 2023 at 02:07:29PM +0000, Kenneth Goldman wrote:

> I would try either static link to your old version or link to a local
> old version, but not install openssl in the system area.

Neither approach is right.  The right approach is dynamic linking
against a version of OpenSSL that has symbol versions that avoid
conflict with other versions of OpenSSL, and perhaps use $ORIGIN
in the runpath to deliver the executable and library at related,
but relocatable paths.

With static linking (of just OpenSSL), you get potential ABI issues
with loadable modules (e.g. nss modules, or others), if the loadable
module uses and expects the system version of OpenSSL.

-- 
    Viktor.


More information about the openssl-users mailing list