opencryptoki / openssl-ibmca

OpenSSL engine and provider for libica.
Apache License 2.0

update for libica version 4 #74

Closed sharkcz closed 2 years ago

sharkcz commented 2 years ago

libica changed the soname to .4 after changing its ABI, change the sonames in ibmca accordingly.

ifranzki commented 2 years ago

The question is: do we really want to change the default to so.4? What if one does not run with libica v4 but still uses v3.x? Sure, one can always specify the desired so-name in the OpenSSL config, but what should be the default?

sharkcz commented 2 years ago

Good question :-) I think the usual scenario is that the whole "Z crypto stack" is updated to the latest versions at the same time (at least for the enterprise distros), so ibmca should follow the libica change. @jschmidb, what do you think?

juergenchrist commented 2 years ago

I consider this the wrong solution. If someone still uses libica.so.3 with the engine we would also need a configuration update.

sharkcz commented 2 years ago

My expectation would be that if I use ibmca released after the release of libica 4, then this combo should work out of the box. With my Red Hat hat on

IMO this is the distro maintainer's job to keep the users safe and without surprises. Any change needed in the openssl/engine config for an upgrade from RHEL-8 to RHEL-9 will be handled via our upgrade tool.

ifranzki commented 2 years ago

How about a configure option that allows selecting the desired libica version? This configured option should then influence all 3 places (defaultlib in configure.ac, gensamplecfg.pl, enginectrl.c) where the libica version is mentioned. That way the default libica version could still remain v3, but a distributor can configure it to use v4 if desired.

sharkcz commented 2 years ago

Yes, making the libica major version configurable is a good option.

juergenchrist commented 2 years ago

Solved with #75 so I am closing this PR.