An openssl shared library versioning problem (fwd)

Peter Breitenlohner peb at mppmu.mpg.de
Fri Jan 11 04:20:05 EST 2002


Hi,

Below is a message I had originally sent to openssl-bugs.

The version mismatch mentioned below was
OpenSSL 0x0090603f vs. OpenSSL 0x0090601f

Meanwhile Richard Levitte <levitte at stacken.kth.se> has sent me the
following:

>>>>>>>>> Begin excerpt from levitte (first msg.)
peb> If, on the other hand, the libraries from 0.9.6a and 0.9.6c are
peb> binary compatible they certainly deserve the same soname, but
peb> then ssh shouldn't be able to notice the difference.

They are binary compatible.  I suggest you look in the openssh source
to see how it detects the version, and yes, it's a bit oversensitive.
>>>>>>>>> End excerpt from levitte

>>>>>>>>> Begin excerpt from levitte (second msg.)
peb> Now ssh may be a bit oversensitive, but certainly should protect
peb> itself against incompatible library versions.

Of course, and considering we keep OpenSSL binary compatible between
patch levels, the test could be performed like this:

	if (((OPENSSL_VERSION_NUMBER ^ SSLeay()) & 0xffffff0f) == 0)
		/* success */
	else
		/* failure */

(note: I haven't tested that, but it should mask the patch level.
Also, the version number scheme was different before 0.9.5, so the
above would only work starting with 0.9.5)
>>>>>>>>> End excerpt from levitte
NB: I think according to the OPENSSL_VERSION_NUMBER.3 manpage it should
actually be	& 0xffffff00fL	for ssl version>=0.9.5

It would be really nice if this could be taken into account.

regards
Peter Breitenlohner <peb at mppmu.mpg.de>

---------- Forwarded message ----------
Date: Thu, 10 Jan 2002 13:32:27 +0100 (CET)
From: Peter Breitenlohner <peb at mppmu.mpg.de>
To: openssl-bugs at openssl.org
Subject: An openssl shared library versioning problem

Hi,

I want to report an openssl shared library versioning problem (ix86-linux).

Recently I have built and installed openssh-3.0.2p1 (using a shared library
version of libcrypto), because the former version had some security holes.

Before doing so I have upgraded from openssl-0.9.6a to 0.9.6c. After
installing openssl, and thereby replacing libcrypto.so.0.9.6 from 0.9.6a by
a library of the same name from 0.9.6c, but before building the new ssh,
ssh complained about a build/use library version mismatch and failed.

.......... rest deleted

regards
Peter Breitenlohner <peb at mppmu.mpg.de>
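
The masked build-time/run-time comparison discussed in this message, as an added example (not code from the original post, OpenSSH or OpenSSL). It assumes the MNNFFPPS field layout documented in OPENSSL_VERSION_NUMBER(3) for 0.9.5 and later; `decode`, `compatible` and `MASK_FULLPATCH` are names chosen here, and every version number other than the two quoted in the message is constructed.

```c
#include <stdio.h>

/* Layout MNNFFPPS: M major, NN minor, FF fix, PP patch, S status
 * (assumed from OPENSSL_VERSION_NUMBER(3), valid from 0.9.5 on). */
#define MASK_EXCERPT   0xffffff0fUL /* mask quoted in the excerpt above */
#define MASK_FULLPATCH 0xfffff00fUL /* assumption: ignores the whole PP byte */

struct ossl_ver { unsigned major, minor, fix, patch, status; };

/* Split a version number into its fields. */
static struct ossl_ver decode(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (unsigned)((v >> 28) & 0xf);
    r.minor  = (unsigned)((v >> 20) & 0xff);
    r.fix    = (unsigned)((v >> 12) & 0xff);
    r.patch  = (unsigned)((v >> 4) & 0xff);
    r.status = (unsigned)(v & 0xf);
    return r;
}

/* 1 if the header and library numbers agree on every bit kept by mask. */
static int compatible(unsigned long built, unsigned long runtime,
                      unsigned long mask)
{
    return ((built ^ runtime) & mask) == 0;
}

int main(void)
{
    /* First pair: the mismatch reported in the message.
     * Remaining pairs are constructed to exercise each field. */
    static const unsigned long pairs[][2] = {
        { 0x0090603fUL, 0x0090601fUL }, /* patch 3 vs 1 */
        { 0x0090611fUL, 0x0090601fUL }, /* patch 0x11 vs 0x01 */
        { 0x0090701fUL, 0x0090601fUL }, /* fix 7 vs 6 */
        { 0x0090601fUL, 0x00906010UL }, /* status f vs 0 */
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        struct ossl_ver b = decode(pairs[i][0]), r = decode(pairs[i][1]);
        printf("%u.%u.%u patch %u status %x vs patch %u status %x: "
               "excerpt mask %d, full-patch mask %d\n",
               b.major, b.minor, b.fix, b.patch, b.status, r.patch, r.status,
               compatible(pairs[i][0], pairs[i][1], MASK_EXCERPT),
               compatible(pairs[i][0], pairs[i][1], MASK_FULLPATCH));
    }
    return 0;
}
```

Both masks accept the reported pair; they differ only when the patch levels differ in the upper nibble of the PP byte.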




