Closed sharkcz closed 5 years ago
At this time, it is possible to use an older engine version with a newer libica major version (the other way is problematic). This change makes ibmca engine dependent on a specific libica major version.
However, since it makes no sense for distros (and in general) to willingly use out-of-sync engine/libica versions, this would be okay for me.
Opinions @dodys @hfreude ?
I'm okay as well with this change.
This issue was addressed with f4c9d610e39624be09ba4de36e29c60a478537e7 .
Currently the development symlink for libica (libica.so, https://github.com/opencryptoki/openssl-ibmca/blob/master/src/e_ibmca.c#L46) is used as the filename when loading libica into ibmca. It means the libica-devel package to be installed on distributions in addition to the runtime library. Or the string needs to patched in ibmca, that's what Fedora/RHEL do in https://src.fedoraproject.org/rpms/openssl-ibmca/blob/master/f/openssl-ibmca-2.0.0-libica-soname.patch.