On Wed, 2012-03-14 at 19:36 +0100, Dr. Stephen Henson wrote: > On Wed, Mar 14, 2012, Mike Frysinger wrote: > > > On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: > > > On Wed, Mar 14, 2012, Mike Frysinger wrote: > > > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: > > > > > OpenSSL version 1.0.1 released > > > > > =============================== > > > > > > > > > > http://www.openssl.org/source/exp/CHANGES. > > > > > > > > > > The most significant changes are: > > > > > o TLS/DTLS heartbeat support. > > > > > o SCTP support. > > > > > o RFC 5705 TLS key material exporter. > > > > > o RFC 5764 DTLS-SRTP negotiation. > > > > > o Next Protocol Negotiation. > > > > > o PSS signatures in certificates, requests and CRLs. > > > > > o Support for password based recipient info for CMS. > > > > > o Support TLS v1.2 and TLS v1.1. > > > > > o Preliminary FIPS capability for unvalidated 2.0 FIPS module. > > > > > o SRP support. > > > > > > > > i don't see mention of ABI compat changes, and it seems to not be > > > > compatible. did someone forget to update the version string in > > > > crypto/opensslv.h ? it still says "1.0.0" ... > > > > > > Can you be more specific about "seems to not be compatible". > > > > if the versions were compatible, there should be no warning when running > > apps > > with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: > > OpenSSL version mismatch. Built against 1000005f, you have 1000100f > > What is producing that warning?
This is a problem of the applications (OpenSSH, postgresql,....) that do not expect different versions of openssl to be ABI compatible. They compare the version that they were compiled against to the version reported by the library. They usually ignore only the patch level number (abcde...). We had to patch the version number in the library to stay constant. I suppose these applications should have the version check removed as it is not guaranteed to work anyway as the ABI of openssl depends also on the compiled-in ciphers and other compile time options. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org