On Thu, Mar 25, 2010 at 06:16:22PM +0100, Gregory BELLIER wrote:
> However, I didn't ask if new code was necessary in Postfix so it can be
> aware of a new cipher. As you said, it's automatical. I asked if, in your
> opinion, it would be necessary to build postfix (as is) against a new
> OpenSSL.
If you are using shared libraries, and modify OpenSSL without modifying
the ABI, then Postfix can immediately use the new library without recompiling,
provided the new library has the same "soname" as the old.
With OpenSSL, past releases have changed the ABI from time to time, and
upgrading 0.9.6 -> 0.9.7 -> 0.9.8 -> 1.0.0 (which is finally out, hooray!)
requires recompiling and re-linking Postfix. Patchlevels within a particular
release level which don't change the ABI, even if they introduce new ciphers,
do not require re-compilation of a Postfix that uses shared libraries.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
