[PATCH 1/1] Just warn if linked libssl is more recent

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jun 17 12:39:25 CEST 2014


On 17 Jun 2014, at 11:01, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:

> On 17/06/14 10:50, Arran Cudbard-Bell wrote:
> 
>> I'm not seeing what the issue is.
> 
> OpenSSL has broken ABI in the past without a .soname bump. Very annoying. That does not make it your business to hard-code a version number into the application IMO.
> 
> Let's say the OpenSSL guys get really clued up all of a sudden, and/or LibreSSL takes off. Assume that the ABI via the .soname becomes really solid, but the version number starts to increment rapidly. Not impossible. I shouldn't have to re-compile FreeRADIUS to take advantage of that.

The FreeRADIUS check is mutable. If that happens, we can change the code.

> I don't think applications should be enforcing this, full stop. I don't expect you'll agree with me, but never mind.

No, I don't agree. Developer time is a finite resource. I don't want our time wasted helping people debug issues caused by libssl compatibility issues.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140617/96513b26/attachment.pgp>


More information about the Freeradius-Devel mailing list