[PATCH] compat: Relax version check with OpenSSL 3.0+

Darren Tucker dtucker at dtucker.net
Mon May 8 09:07:49 AEST 2023


On Mon, 8 May 2023 at 06:13, <rsbecker at nexbridge.com> wrote:
[...]
> Is this not already covered using the --without-openssl-header-check
> configuration option?

No.  That configure option will disable the consistency check between
the headers and library versions at compile time, ie the API.  It was
added when some vendors (from memory, Apple) started shipping
libcrypto updates without the corresponding header updates.

This diff posted affects the check between the version it was compiled
against and the currently installed library version, ie the ABI.
OpenSSL improved the ABI compatibility from "must be the same minor
release" in 1.x to "must be the same major release" in 3.x but we
currently only have the 1.x checks.  Damien had a slightly different
diff that also fixed this, not sure what happened to it.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list