On 22/04/2015 21:49, Viktor Dukhovni wrote: > On Wed, Apr 22, 2015 at 09:04:04PM +0200, Jakob Bohm wrote: > >> For parallel installation of OpenSSL 1.0.2a and the OS >> supplied OpenSSL 1.0.1 (with patches equivalent to the >> latest release), modify SHLIB_VERSION_NUMBER from 1.0.0 >> to 1.0.2 in the folliwing files from the tarball: > The ABI version really is 1.0.0. Symbol versioning is the right > way to distinguish between 1.0.[012]. The Debian OpenSSL build > does symbol versioning to avoid conflicts between multiple libraries > that support the 1.0.0 ABI. > > Yes, the ABI compatibility is only backwards compatibility, so > applications that link to a newer version of the library at compile > time, need to use the same or newer library at run-time. > > Applications using a non-system library need to record a suitable > RPATH (often using "$ORIGIN" is a good bet if the application ships > a copy of the library). Ideally applications would use the system > supplied library, otherwise patching becomes rather difficult... > My observations were actually made on Debian. And I seem to recall itwas the system daemons that failed, not my newly recompiled daemons,though I may of cause be mistaken. As for symbol versioning, if that is not in the upstream tarball, any suchthings added by vendor compiles is just going to break the ABI, in factthe absence of symbol versioning in my vanilla compile may be whatcaused the problems for all the installed packages. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150422/29e00316/attachment-0001.html>