[PATCH 1/1] Just warn if linked libssl is more recent
p.mayers at imperial.ac.uk
Tue Jun 17 15:46:28 CEST 2014
On 17/06/14 14:36, Alan DeKok wrote:
> Phil Mayers wrote:
>> OpenSSL has broken ABI in the past without a .soname bump. Very
>> annoying. That does not make it your business to hard-code a version
>> number into the application IMO.
> It means that people complain *here* when OpenSSL breaks things.
> That's annoying. I'd rather have FreeRADIUS produce a useful error
> message, telling them where the real problem is.
On reflection I guess I can see the difference - a segfault due to ABI
mismatch isn't obvious.
It's *not* clear to me that it will reduce hassles on the mailing list -
I have a fear there will end up being loads of deployed versions of the
server with the check, and we'll be swamped by people asking how to fix
it but refusing to recompile (we know this is a "thing"). But maybe it
being obvious will make that ok.
> I'm OK with adding a configuration directive which tells the server to
> ignore this check. But the check MUST be there by default, and MUST be
> enabled by default.
Fair enough. I would like to not have to rebuild the server in the event
the version number changes but ABI does not. I have no big problem doing
this in the config, or the server warning noisily when it starts or crashes.
More information about the Freeradius-Devel