p-steuer
commented
6 years ago At this time, it is possible to use an older engine version with a newer libica major version (the other way is problematic). This change makes ibmca engine dependent on a specific libica major version.
However, since it makes no sense for distros (and in general) to willingly use out-of-sync engine/libica versions, this would be okay for me.
Opinions @dodys @hfreude ?
dodys
Currently the development symlink for libica (libica.so, https://github.com/opencryptoki/openssl-ibmca/blob/master/src/e_ibmca.c#L46) is used as the filename when loading libica into ibmca. It means the libica-devel package to be installed on distributions in addition to the runtime library. Or the string needs to patched in ibmca, that's what Fedora/RHEL do in https://src.fedoraproject.org/rpms/openssl-ibmca/blob/master/f/openssl-ibmca-2.0.0-libica-soname.patch.