> On Jul 17, 2019, at 3:41 PM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote: > > On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/lib (on the default > search path), and especially when you're linking with other libraries that > in turn were linked against the OpenSSL version in /usr/lib, using OpenSSL > 1.1.1 in your application requires care... By the way, today I'm uneventfully running an SSH server and client that are linked against OpenSSL 1.0.2 for crypto in OpenSSH, but also Heimdal Kerberos for GSSAPI, which in turn is linked against OpenSSL 1.1.1 for its crypto. The two libraries coëxist (ships in the night) in the same process with no conflict. They are built with version-specific "shlib_variant" values, so that the symbol versions and SONAMEs are distinct. It all works. Perhaps there should be a blog-post or other document somewhere that explains this with a more detailed walk-through of the required steps. Anyone care to contribute? -- Viktor.
