On Tue, Mar 13, 2001 at 10:15:24PM +0100, Richard Levitte - VMS Whacker wrote:
> From: Lutz Jaenicke <[EMAIL PROTECTED]>
>
> Lutz.Jaenicke> Hmm. The DSO code was considerably changed for the
> Lutz.Jaenicke> 0.9.7 version and changes are not completed yet
> Lutz.Jaenicke> (additional security aspects must be considered with
> Lutz.Jaenicke> respect to the search path).
> Lutz.Jaenicke> The 0.9.6a is only intended to fix bugs and especially
> Lutz.Jaenicke> should not break existing functionality, therefore
> Lutz.Jaenicke> you'll have to wait for 0.9.7 for the improved DSO
> Lutz.Jaenicke> handling.
>
> On this particular point, it shouldn't be too hard to integrate change
> 1.11 of dso_dl.c, and that would hardly break existing functionality,
> and at least make OpenSSL operate in a consistent way over all Unixly
> platforms (since it doesn't prohibit the use of LD_LIBRARY_PATH on all
> other platforms).
>
> Thoughts?
The change in question is 1.10: On HP-UX, shared libraries are normally
called ".sl" and versions before 1.10 use ".so" as used on most other
platforms. 1.11 addresses part of the search path problem, the other
part is in the +s switch to honor SHLIB_PATH.
(We don't want SHLIB_PATH since we cannot control what files the dynamic
loader will take, at least or especially not for suid programs!)
1.10 breaks existing functionality, since once ".sl" is used, ".so"
crypto engines will not be loaded any longer (and they were loaded with
0.9.6 as ".so").
So for a "bug fix release" I would rather say leave it the way it is
and then have the change in 0.9.7.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
