Bug 1277662 - Question regarding the relevance of the custom soname for openssl libraries in >= 1.0.0 versions
Question regarding the relevance of the custom soname for openssl libraries i...
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-11-03 13:59 EST by Rémi Verschelde
Modified: 2015-11-04 03:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-11-04 03:11:42 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rémi Verschelde 2015-11-03 13:59:39 EST
Due to apparent historical reasons, Fedora uses a different soname for the openssl libraries (libssl and libcrypto) than the one defined upstream [1].
From what I understood this might have been needed for pre-1.0.0 versions due to functionalities that had to be stripped due to patent issues.

I'm not competent enough to say if this custom soname is still relevant API-wise, but since most other GNU/Linux distros do not change this soname, it introduces compatibility issues for binaries dynamically linked against openssl on a non-Fedora system when trying to run them on Fedora (see e.g. [2] or one of the various forum topics telling Fedora users to make symlinks), since distros like Debian, Ubuntu or Mageia link against libssl.so.1.0.0 and libcrypto.so.1.0.0, while Fedora provides .so.10.

So I just wanted to question the current relevance of this custom soname, to see if Fedora could go in a more upstream-compatible direction (or have the soname changed upstream if need be).

Thanks in advance.

[1] http://pkgs.fedoraproject.org/cgit/openssl.git/tree/openssl.spec
[2] https://github.com/godotengine/godot/issues/1391
Comment 1 Tomas Mraz 2015-11-04 03:11:26 EST
There is no ABI compatibility among OpenSSL in various distributions unless they really care about it and keep the patches and enabled/disabled feature sets of OpenSSL exactly the same. I did not look at the other distros in depth but I do not expect them to carry the same stuff as we do in for example the FIPS support patches, etc. So the non-upstream soname is still very much relevant for Fedora. I might look at the issue again once we will be rebasing to the current upstream master branch (i.e. openssl-1.1.0) as that version will break ABI again.

Note You need to log in before you can comment on or make changes to this bug.