Bug 1277662

Summary: Question regarding the relevance of the custom soname for openssl libraries in >= 1.0.0 versions
Product: [Fedora] Fedora Reporter: Rémi Verschelde <rverschelde>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: ngompa13, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-04 08:11:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rémi Verschelde 2015-11-03 18:59:39 UTC 
Due to apparent historical reasons, Fedora uses a different soname for the openssl libraries (libssl and libcrypto) than the one defined upstream [1].
From what I understood this might have been needed for pre-1.0.0 versions due to functionalities that had to be stripped due to patent issues.

I'm not competent enough to say if this custom soname is still relevant API-wise, but since most other GNU/Linux distros do not change this soname, it introduces compatibility issues for binaries dynamically linked against openssl on a non-Fedora system when trying to run them on Fedora (see e.g. [2] or one of the various forum topics telling Fedora users to make symlinks), since distros like Debian, Ubuntu or Mageia link against libssl.so.1.0.0 and libcrypto.so.1.0.0, while Fedora provides .so.10.

So I just wanted to question the current relevance of this custom soname, to see if Fedora could go in a more upstream-compatible direction (or have the soname changed upstream if need be).

Thanks in advance.

[1] http://pkgs.fedoraproject.org/cgit/openssl.git/tree/openssl.spec
[2] https://github.com/godotengine/godot/issues/1391
Comment 1 Tomas Mraz 2015-11-04 08:11:26 UTC 
There is no ABI compatibility among OpenSSL in various distributions unless they really care about it and keep the patches and enabled/disabled feature sets of OpenSSL exactly the same. I did not look at the other distros in depth but I do not expect them to carry the same stuff as we do in for example the FIPS support patches, etc. So the non-upstream soname is still very much relevant for Fedora. I might look at the issue again once we will be rebasing to the current upstream master branch (i.e. openssl-1.1.0) as that version will break ABI again.