From: Peter Breitenlohner <[EMAIL PROTECTED]>
peb> Now ssh may be a bit oversensitive, but certainly should protect
peb> itself against incompatible library versions.
Of course, and considering we keep OpenSSL binary compatible between
patch levels, the test could be performed like this:
    if (((OPENSSL_VERSION_NUMBER ^ SSLeay()) & 0xffffff0f) == 0) {
        /* success */
    } else {
        /* failure */
    }
(note: I haven't tested that, but it should mask the patch level.
Also, the version number scheme was different before 0.9.5, so the
above would only work starting with 0.9.5)
peb> I would say, if the OPENSSL_VERSION_NUMBER changes, you should
peb> also change the soname as well as the fullname of the library.
peb> Everything else just asks for trouble.
Why would it? OPENSSL_VERSION_NUMBER expresses the exact version
number. Just because openssh does a too simple (and thereby too
sensitive (I prefer that to "not enough", mind you)) isn't a reason
why the way we do things is wrong. Otherwise, you could basically
"attack" any library out there that has sonames like libfoo.so.1 even
if the actual version number is 1.2.3. That would become ridiculous.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
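
The masked comparison proposed in the message above, as an added example (not code from the original mail, OpenSSL or OpenSSH). It assumes the 0xMNNFFPPS version layout used from 0.9.6 on; the function names, the second mask and the sample version values are constructed for illustration. In a real program the two arguments would be OPENSSL_VERSION_NUMBER and SSLeay().

```c
#include <stdio.h>

/* Assumed layout (OpenSSL 0.9.6 and later): 0xMNNFFPPS
 * M major, NN minor, FF fix, PP patch letter (a=1, b=2, ...), S status. */
#define MASK_FROM_MAIL  0xffffff0fUL /* mask quoted in the message: clears the low patch nibble */
#define MASK_PATCH_BYTE 0xfffff00fUL /* assumption: variant that clears the whole PP byte */

/* Returns 1 when header and library versions differ only in masked-out bits. */
int versions_compatible(unsigned long header, unsigned long lib, unsigned long mask)
{
    return ((header ^ lib) & mask) == 0;
}

/* Extract the patch field (PP) for diagnostics. */
unsigned patch_level(unsigned long v)
{
    return (unsigned)((v >> 4) & 0xff);
}

static void report(const char *what, unsigned long header, unsigned long lib)
{
    printf("%-22s header=0x%08lx lib=0x%08lx mail-mask=%d byte-mask=%d\n",
           what, header, lib,
           versions_compatible(header, lib, MASK_FROM_MAIL),
           versions_compatible(header, lib, MASK_PATCH_BYTE));
}

int main(void)
{
    /* Constructed sample values following the layout above. */
    report("0.9.6d vs 0.9.6e", 0x0090604fUL, 0x0090605fUL);     /* patch only: accepted */
    report("0.9.6e vs 0.9.7", 0x0090605fUL, 0x0090700fUL);      /* fix differs: rejected */
    report("0.9.7-beta1 vs 0.9.7", 0x00907001UL, 0x0090700fUL); /* status differs: rejected */
    /* Patch levels above 15 set the high patch nibble, which the mail's mask still compares. */
    report("patch 1 vs patch 17", 0x0090801fUL, 0x0090811fUL);
    return 0;
}
```

The last case shows where the two masks diverge: the mask from the message ignores only patch levels 1 to 15, so a library more than 15 patch letters away from the headers would still be rejected.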