[PATCH 1/1] Just warn if linked libssl is more recent

Phil Mayers p.mayers at imperial.ac.uk
Tue Jun 17 15:46:28 CEST 2014

On 17/06/14 14:36, Alan DeKok wrote:
> Phil Mayers wrote:
>> OpenSSL has broken ABI in the past without a .soname bump. Very
>> annoying. That does not make it your business to hard-code a version
>> number into the application IMO.
>    It means that people complain *here* when OpenSSL breaks things.
> That's annoying.  I'd rather have FreeRADIUS produce a useful error
> message, telling them where the real problem is.

On reflection I guess I can see the difference - a segfault due to ABI 
mismatch isn't obvious.

It's *not* clear to me that it will reduce hassles on the mailing list - 
I have a fear there will end up being loads of deployed versions of the 
server with the check, and we'll be swamped by people asking how to fix 
it but refusing to recompile (we know this is a "thing"). But maybe it 
being obvious will make that ok.

>    I'm OK with adding a configuration directive which tells the server to
> ignore this check.  But the check MUST be there by default, and MUST be
> enabled by default.

Fair enough. I would like to not have to rebuild the server in the event 
the version number changes but ABI does not. I have no big problem doing 
this in the config, or the server warning noisily when it starts or crashes.

More information about the Freeradius-Devel mailing list