search

noxxi / p5-io-socket-ssl

IO::Socket::SSL Perl Module
36 stars 59 forks source link

OpenSSL runtime check is too strict for >=openssl-3 #137

Closed thesamesam closed 10 months ago

thesamesam commented 1 year ago

See https://github.com/noxxi/p5-io-socket-ssl/blob/master/Makefile.PL#L66.

If Net::SSLeay is built against OpenSSL 3.0 but we're building IO::Socket::SSL against OpenSSL 3.1, we get:

API-different OpenSSL versions compiled in (0x30000090) vs linked (0x30100010) at Makefile.PL line 68.

This isn't a problem - OpenSSL 3.0 and OpenSSL 3.1 are ABI compatible.

OpenSSH had a similar bug and had to relax their logic: https://bugzilla.mindrot.org/show_bug.cgi?id=3548.

See also https://www.openssl.org/policies/releasestrat.html:

As of release 3.0.0, the OpenSSL versioning scheme is changing to a more contemporary format: MAJOR.MINOR.PATCH With this format, API/ABI compatibility will be guaranteed for the same MAJOR version number. Previously we guaranteed API/ABI >compatibility across the same MAJOR.MINOR combination."