On 1/11/19 10:23 PM, Benjamin Kaduk wrote:
On Fri, Jan 11, 2019 at 01:56:35PM +0100, Harald Dunkel wrote:Is it possible to use openssl 1.1.1 as a drop-in replacement for 1.1.0?Well ... mostly. It's *supposed* to be, but there are some places where behavior had to change to get TLS 1.3 support, and some of those changes are on the boundary of "breaks functioning code" and "your code was doing unsupported/undocumented things". (Unfortunately, I don't have any examples off the top of my head.)
If there are important changes (like introducing TLS 1.3 or others, modifying the api), isn't it custom to change the SONAME, making sure that shared objects for old and new api can be installed in parallel? Regards Harri