Re: minor version compatibility
owner-openssl-us...@openssl.org wrote on 05/10/2011 06:52:26 PM: From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Date: 05/10/2011 06:57 PM The answer is probably yes but with some caveats. If the application is well behaved and doesn't rely on undocumented features or access structure internals it should be fine. The catch is that it's hard to determine what an 'undocumented feature' is. E.g., the AES_Encrypt function is not in the man page. Nor is MGF1. AES_Encrypt persisted from 0.9.8 to 1.0.0. MGF1 was dropped.
minor version compatibility
I'm pretty sure this is yes, but I don't see it documented anywhere. Are the various minor versions of OpenSSL binary compatible? For example, if I built Apache's mod_ssl against a previous 0.9.8 release, and I update my system to 0.9.8r, will everything work? - Ken __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: minor version compatibility
My experience is more probably than yes. I recall cases where it did not. It's also hard to test, because it might fail some corner case that you don't use often. owner-openssl-us...@openssl.org wrote on 05/10/2011 05:12:33 PM: From: Ken Dreyer ktdre...@ktdreyer.com To: openssl-users@openssl.org Date: 05/10/2011 05:27 PM I'm pretty sure this is yes, but I don't see it documented anywhere. Are the various minor versions of OpenSSL binary compatible? For example, if I built Apache's mod_ssl against a previous 0.9.8 release, and I update my system to 0.9.8r, will everything work?
Re: minor version compatibility
On Tue, May 10, 2011, Ken Dreyer wrote: I'm pretty sure this is yes, but I don't see it documented anywhere. Are the various minor versions of OpenSSL binary compatible? For example, if I built Apache's mod_ssl against a previous 0.9.8 release, and I update my system to 0.9.8r, will everything work? The answer is probably yes but with some caveats. If the application is well behaved and doesn't rely on undocumented features or access structure internals it should be fine. If it does access structures then it depends. Occasionally some new fields need to be added to structures but they are invariably at the end. An example of this was fixing the renegotiation vulnerability. In theory an application doing horrible things like allocating SSL structures manually (instead of via SSL_new etc) could be broken by this change but I'd hope nothing does that. There is an experimental feature in OpenSSL 1.1.0-dev to test how well behaved applications are for the ssl library but it's still being developed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
