[PATCH] compat: Relax version check with OpenSSL 3.0+
Sam James
sam at gentoo.org
Mon May 8 09:59:33 AEST 2023
Darren Tucker <dtucker at dtucker.net> writes:
> On Mon, 8 May 2023 at 06:13, <rsbecker at nexbridge.com> wrote:
> [...]
>> Is this not already covered using the --without-openssl-header-check
>> configuration option?
>
> No. That configure option will disable the consistency check between
> the headers and library versions at compile time, ie the API. It was
> added when some vendors (from memory, Apple) started shipping
> libcrypto updates without the corresponding header updates.
>
> This diff posted affects the check between the version it was compiled
> against and the currently installed library version, ie the ABI.
> OpenSSL improved the ABI compatibility from "must be the same minor
> release" in 1.x to "must be the same major release" in 3.x but we
> currently only have the 1.x checks. Damien had a slightly different
> diff that also fixed this, not sure what happened to it.
IIRC not committed yet. It's https://bugzilla.mindrot.org/show_bug.cgi?id=3548
which I also posted about at
https://lore.kernel.org/distributions/87lejy7ilz.fsf@gentoo.org/T/#u.
best,
sam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 377 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20230508/00cbe005/attachment.asc>
More information about the openssh-unix-dev
mailing list