On Wed, Mar 14, 2012 at 02:30:29PM -0400, Mike Frysinger wrote: > On Wednesday 14 March 2012 14:25:32 Dr. Stephen Henson wrote: > > On Wed, Mar 14, 2012, Mike Frysinger wrote: > > > On Wednesday 14 March 2012 11:09:22 OpenSSL wrote: > > > > OpenSSL version 1.0.1 released > > > > =============================== > > > > > > > > http://www.openssl.org/source/exp/CHANGES. > > > > > > > > The most significant changes are: > > > > o TLS/DTLS heartbeat support. > > > > o SCTP support. > > > > o RFC 5705 TLS key material exporter. > > > > o RFC 5764 DTLS-SRTP negotiation. > > > > o Next Protocol Negotiation. > > > > o PSS signatures in certificates, requests and CRLs. > > > > o Support for password based recipient info for CMS. > > > > o Support TLS v1.2 and TLS v1.1. > > > > o Preliminary FIPS capability for unvalidated 2.0 FIPS module. > > > > o SRP support. > > > > > > i don't see mention of ABI compat changes, and it seems to not be > > > compatible. did someone forget to update the version string in > > > crypto/opensslv.h ? it still says "1.0.0" ... > > > > Can you be more specific about "seems to not be compatible". > > if the versions were compatible, there should be no warning when running apps > with openssl-1.0.1 that were built against openssl-1.0.0*. but there is: > OpenSSL version mismatch. Built against 1000005f, you have 1000100f
As far as I know, we disabled most such checks in Debian because they're not really useful. I can change the ABI without changing the version, or have the same ABI with a different version. If it's not compatible the soname should have changed. The appliation shouldn't go and second guess that it's really compatible or not. And if the soname stays the same but the ABI is not compatible, we also have ways to deal with that. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
