Hello. non-grata posting, but i think a fix would be a widely appreciated clarification. I think noloader is on this list, so i do not bcc him. --- Forwarded from Steffen Nurpmeso <steffen@xxxxxxxxxx> --- Date: Sun, 09 Jun 2024 01:58:54 +0200 Author: Steffen Nurpmeso <steffen@xxxxxxxxxx> .. |>|> Jun 7 23:41:16 outwall/smtpd[19222]: warning: run-time library \ |>|> vs. compile-time header version mismatch: OpenSSL 3.3.0 may not \ |>|> be compatible with OpenSSL 3.2.0 |> ... |>|[.] OpenSSL 3.2.0 and 3.3.0 |>|are ABI and API compatible. I would not expect to see a warning or |>|error. See <https://www.openssl.org/policies/general/versioning-policy.h\ |>|tml>. | |Some irrelevant background: that document covers OpenSSL 3.0 and |later (earlier releases use a different versioning scheme). | |>|From the document under Minor Release: |>| |>| A minor release is indicated by changing the second number of the |>| version. A minor release can, and generally will, introduce new |>| features. However both the API and ABI will be preserved. | |That same document says under "Patch release": | | A patch release is indicated by changing the final number of | the version. A patch release will only contain bug and security | fixes. Both the API and ABI will remain compatible across patch | releases. | |Note that only the text for "Patch release" promises that the "Both |the API and ABI will remain compatible". Hm, you have read the page, and i think Jeffrey is right in noting that, effectively, the [.] log message is technically false. However i also think the OpenSSL page is very confusing, as you correctly point out, since For example, a program built with OpenSSL release 3.0.1 will be able to run with OpenSSL 3.1.0 but might not be able to take advantage of new features without modification. how could a program compiled for 3.0.1 use features at all which were introduced with a later minor version. Btw they also say it *could* happen also here, with the same "Exceptions to these rules require a vote by the OMC." clause they use for API/ABI breakage for minor releases. ... |> [.] I must say, out of my head i have no idea |> whether it has always been like that for minor releases for one, |> and whether that is also true for LibreSSL, and the other SSL |> libraries that [.] possibly works with. And [.] did |> use LibreSSL for some time in the past. ... -- End forward <20240608235854.g9q49DTf@steffen%sdaoden.eu> --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)