Closed sharkcz closed 2 years ago
The question is: do we really want to change the default to so.4 ? What if one does not run with libica v4 but still uses v3.x? Sure, one can always specify the desired so-name in the OpenSSL config, but what should be the default?
good question :-) I think the usual scenario is that the whole "Z crypto stack" is updated to the latest versions at the same time (at least for the enterprise distros), so ibmca should follow the libica change. @jschmidb , what do you think?
I consider this the wrong solution. If someone still uses libica.so.3 with the engine we would also need a configuration update.
My expectation would be that if I use ibmca released after the release of libica 4, then this combo should work out of the box. With my Red Hat hat on
IMO this is the distro maintainer's job to keep the users safe and without surprises. Any change needed in the openssl/engine config for an upgrade from RHEL-8 to RHEL-9 will be handled via our upgrade tool.
How about a configure option that allows to select the desired libica version? This configured option should then influence all 3 places (defaultlib in configure.ac, gensamplecfg.pl, enginectrl.c) where the libica version is mentioned. That way the default libica version could still remain v3, but a distributor can configure it to use v4 if desired.
Yes, making the libica major version configurable is a good option.
Solved with #75 so I am closing this PR.
libica changed the soname to .4 after chaging its ABI, change the sonames in ibmca accordingly.