Bug 1277662 - Question regarding the relevance of the custom soname for openssl libraries in >= 1.0.0 versions
Summary: Question regarding the relevance of the custom soname for openssl libraries i...
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2015-11-03 18:59 UTC by Rémi Verschelde
Modified: 2015-11-04 08:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-11-04 08:11:42 UTC
Type: Bug

Attachments (Terms of Use)

Description Rémi Verschelde 2015-11-03 18:59:39 UTC
Due to apparent historical reasons, Fedora uses a different soname for the openssl libraries (libssl and libcrypto) than the one defined upstream [1].
From what I understood this might have been needed for pre-1.0.0 versions due to functionalities that had to be stripped due to patent issues.

I'm not competent enough to say if this custom soname is still relevant API-wise, but since most other GNU/Linux distros do not change this soname, it introduces compatibility issues for binaries dynamically linked against openssl on a non-Fedora system when trying to run them on Fedora (see e.g. [2] or one of the various forum topics telling Fedora users to make symlinks), since distros like Debian, Ubuntu or Mageia link against libssl.so.1.0.0 and libcrypto.so.1.0.0, while Fedora provides .so.10.

So I just wanted to question the current relevance of this custom soname, to see if Fedora could go in a more upstream-compatible direction (or have the soname changed upstream if need be).

Thanks in advance.

[1] http://pkgs.fedoraproject.org/cgit/openssl.git/tree/openssl.spec
[2] https://github.com/godotengine/godot/issues/1391

Comment 1 Tomas Mraz 2015-11-04 08:11:26 UTC
There is no ABI compatibility among OpenSSL in various distributions unless they really care about it and keep the patches and enabled/disabled feature sets of OpenSSL exactly the same. I did not look at the other distros in depth but I do not expect them to carry the same stuff as we do in for example the FIPS support patches, etc. So the non-upstream soname is still very much relevant for Fedora. I might look at the issue again once we will be rebasing to the current upstream master branch (i.e. openssl-1.1.0) as that version will break ABI again.

Note You need to log in before you can comment on or make changes to this bug.