On Thu, Jul 08, 2021 at 05:55:42PM +0100, Tim Culhane wrote: > We have a customer who is running our product on a RedHat 6.x server. > Our product uses OpenSSL 1.1.1 to handle secure connections. > > Initial testing by the customer is showing segmentation faults in OpenSSL > during the handshake process. You can build and bundle your own OpenSSL library (libssl and libcrypto), that is dynamically linked, has a custom "SONAME", and custom symbol version names. Such a dynamically linked SSL library can coexist in the same address space with another (e.g. platform-vendor provided) OpenSSL version, provided both use symbol versioning. > I know that RedHat certainly doesn't ship recent versions of OpenSSL for > RedHat 6.x. However it is still possible to install later OpenSSL versions > to run side-by-side the system installation. > > What I'm wondering is, would there be a technical reason why OpenSSL 1.1.1 > would not work correctly on a RedHat 6.x system? There are two potential problems: - Symbol name/version collisions. - Passing of incompatible SSL contexts/handles created in one library to an API linked with another incompatible library. The second issue is quite rare, but though the first is common, it can avoided by building the custom non-platform OpenSSL libraries with care. Look for "shlib_variant" in the Configuration profiles for OpenSSL 1.1.1x. -- Viktor.