[csw-maintainers] Symbol versioning for openssl ?

Yann Rouillard yann at pleiades.fr.eu.org
Sun Jul 22 20:02:18 CEST 2012


So I did the tests and ... it doesn't work.

I recompiled libssl0.9.8 with symbol versioning enabled.
I recompiled libneon against this libssl0.9.8 library.
I recompiled cadaver against libssl1.0.0 with symbol versioning enabled.

The result is:

- libssl0.9.8 compiled fine with symbol versioning enabled:

# pvs /opt/csw/lib/libssl.so.0.9.8
        libcrypto.so.0.9.8 (OPENSSL_0.9.8);
        libc.so.1 (SUNW_0.7, SUNWprivate_1.1);
        libssl.so.0.9.8;
        OPENSSL_0.9.8;

- the libneon27 effectively registered the dependancy on the OPENSSL_0.9.8
symbols:

# pvs -r /opt/csw/lib/libneon.so.27.2.6
        libssl.so.0.9.8 (OPENSSL_0.9.8);
        libcrypto.so.0.9.8 (OPENSSL_0.9.8);
[...]

- but the linker still links the libneon ssl symbols with openssl 1.0.0
when I launch cadaver:
# LD_DEBUG=all /opt/csw/bin/cadaver

[...]
18581: version needed processing: file=/opt/csw/lib/i386/libneon.so.27
18581:             file                        version
18581:             libssl.so.0.9.8             OPENSSL_0.9.8
18581:
[...]
18581: binding file=/opt/csw/lib/i386/libneon.so.27 to
file=/opt/csw/lib/i386/libssl.so.1.0.0: symbol 'SSL_pending'
[...]


So I am really surprised but the conclusion is that solaris symbol
versoning doesn't help in this case.
It seems the version check is only done to see if the whole library can be
loaded (and only if the application/library and the library both use
versioning), but it is not used after to link the symbols.

>From what I understood, symbol versioning in Linux works at the symbol
level and would effectively help to prevent the kind of problem we have
here.

But for now I don't see a way to avoid the same painful transition in the
future. I still welcome any light on symbol versioning because I may have
missed something.

Yann










2012/7/22 Peter FELECAN <pfelecan at opencsw.org>

> Yann Rouillard <yann at pleiades.fr.eu.org> writes:
>
> > I will try to compile a libssl0.9.8 with symbol versioning to really test
> > if this would help during a library migration.
>
> This is the most probable solution, i.e., to have only versioned
> libraries installed; it will let binaries compiled with non versioned
> libraries to execute, which is what we wish, isn't it? However, which
> library is used is pending a test; I bet 2 drachmas that the highest
> version is used...
>
> --
> Peter
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
> .:: This mailing list's archive is public. ::.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20120722/fa7b1c1d/attachment.html>


More information about the maintainers mailing list