We are shipping OpenSSL (1.0.2j) shared objects built with FIPS, which are 
automatically loaded when the application starts. But if our software directory 
is in the path (or LD_LIBRARY_PATH or platform equivalent) earlier than the 
system directories, then other applications that load OpenSSL dynamically (e.g. 
ssh on some systems) could use our libraries rather than the system ones. This 
is not a huge deal except that we may want to disable certain algorithms that 
we don't use, and we don't want to break system utilities that do use them.

We would like to avoid this by renaming these libraries, i.e. 
libMYcrypto.so.1.0.0 and libMYssl.so.1.0.0, and then we'll know that only our 
application would load them. Simply renaming the files is obviously no good, 
and I've found that renaming them before linking with them does not work either.

It would seem that the names "libcrypto" and "libssl" are hard-coded in a 
million places within Makefiles and scripts and such. Is there a way to solve 
this problem? This would apply to Linux, HP-UX, and Solaris.

Thanks
Graeme Perrow

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
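
The collision described in the message can be checked for on a running Linux host. The following is an added example, not part of the original post or of OpenSSL: it parses `/proc/<pid>/maps` text and reports processes that have mapped `libcrypto` or `libssl` from outside the system library directories. The `/opt/myapp` path, the system directory list and the sample maps lines are constructed assumptions; HP-UX and Solaris need a different data source.

```python
import os
import re

# Assumed system library locations; adjust for the platform being audited.
SYSTEM_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")
# The two OpenSSL library names from the post, with any version suffix.
OPENSSL_LIB = re.compile(r"/(libcrypto|libssl)\.so(\.[0-9A-Za-z.]+)?$")

# Constructed sample of /proc/<pid>/maps for an sshd that resolved libcrypto
# from a bundled directory (hypothetical /opt/myapp) ahead of the system copy.
SAMPLE_SSHD_MAPS = """\
55d0a1c00000-55d0a1cc4000 r-xp 00000000 08:01 1051 /usr/sbin/sshd
7f3a1c000000-7f3a1c25b000 r-xp 00000000 08:01 2210 /opt/myapp/lib/libcrypto.so.1.0.0
7f3a1c45a000-7f3a1c476000 rw-p 0025a000 08:01 2210 /opt/myapp/lib/libcrypto.so.1.0.0
7f3a1c600000-7f3a1c65e000 r-xp 00000000 08:01 3307 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3a1c800000-7f3a1c821000 rw-p 00000000 00:00 0
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
"""

def openssl_mappings(maps_text):
    """Sorted unique paths of libcrypto/libssl objects mapped by a process."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode pathname
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        if path.endswith(" (deleted)"):  # file replaced on disk while mapped
            path = path[: -len(" (deleted)")]
        if OPENSSL_LIB.search(path):
            paths.add(path)
    return sorted(paths)

def non_system_openssl(maps_text):
    """OpenSSL libraries loaded from outside the assumed system directories."""
    return [p for p in openssl_mappings(maps_text)
            if not p.startswith(SYSTEM_LIB_DIRS)]

def scan_proc(proc="/proc"):
    """Map pid -> non-system OpenSSL libraries for every readable process."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                found = non_system_openssl(fh.read())
        except OSError:
            continue  # process exited, or maps not readable by this user
        if found:
            hits[int(pid)] = found
    return hits

if __name__ == "__main__":
    print(non_system_openssl(SAMPLE_SSHD_MAPS))
```

Running `scan_proc()` as root covers all processes; as an unprivileged user it silently skips processes whose maps cannot be read.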
