On Tue, May 10, 2011, Ken Dreyer wrote: > I'm pretty sure this is "yes", but I don't see it documented anywhere. > > Are the various minor versions of OpenSSL binary compatible? For > example, if I built Apache's mod_ssl against a previous 0.9.8 release, > and I update my system to 0.9.8r, will everything work? >
The answer is "probably yes" but with some caveats. If the application is well behaved and doesn't rely on undocumented features or access structure internals it should be fine. If it does access structures then it depends. Occasionally some new fields need to be added to structures but they are invariably at the end. An example of this was fixing the renegotiation vulnerability. In theory an application doing horrible things like allocating SSL structures manually (instead of via SSL_new etc) could be broken by this change but I'd hope nothing does that. There is an experimental feature in OpenSSL 1.1.0-dev to test how well behaved applications are for the ssl library but it's still being developed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
