We are shipping OpenSSL (1.0.2j) shared objects built with FIPS, which are automatically loaded when the application starts. But if our software directory is in the path (or LD_LIBRARY_PATH or platform equivalent) earlier than the system directories, then other applications that load OpenSSL dynamically (eg. ssh on some systems) could use our libraries rather than the system ones. This is not a huge deal except that we may want to disable certain algorithms that we don't use, and we don't want to break system utilities that do use them.
We would like to avoid this by renaming these libraries, i.e. libMYcrypto.so.1.0.0 and libMYssl.so.1.0.0, and then we'll know that only our application would load them. Simply renaming the files is obviously no good, and I've found that renaming them before linking with them does not work either. It would seem that the names "libcrypto" and "libssl" are hard-coded in a million places within Makefiles and scripts and such. Is there a way to solve this problem? This would apply to Linux, HP-UX, and Solaris. Thanks Graeme Perrow
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
