Hello I compiled openssh 7.1p1 with 1.0.2e openSSL header files. These ssh binaries work absolutely fine if 1.0.2 ssl libraries is installed. However, if 1.0.1e ssl libraries is installed, then it gives a error - OpenSSL version mismatch. Built against 1000205f, you have 1000105f I think the dependency of openSSL is more from crypto library and ssh is looking for libcrpyto.so.1.0.0 ssl version. This versioned crypto library is available when both 1.0.2 and 1.0.1 ssl library is installed. Can anyone please provide insights on why this error message is seen ? And how it can be resolved ? In general, is it possible to have the SSH binaries (which is generated by compiling with a higher version of openssl ) working when a lower version of openssl is installed on the machine ? Thanks Regards Sandeep
On 31/05/16 20:31, Sandeep Umesh wrote:> In general, is it possible to have the SSH binaries (which is generated by > compiling with a higher version of openssl ) working when a lower version > of openssl is installed on the machine ? ThanksIn general, you should do it the opposite way. Compile with the lowest supported library version, and it will work with an higher one. Going backwards is unlikely to be supported by the libraries internals. Note however, that ssh doesn't cry when "going backwards" within the patch series (just like going forward won't generate such notice). Regards
On 2016-05-31, ?ngel Gonz?lez <keisial at gmail.com> wrote:> On 31/05/16 20:31, Sandeep Umesh wrote: >> In general, is it possible to have the SSH binaries (which is generated by >> compiling with a higher version of openssl ) working when a lower version >> of openssl is installed on the machine ? Thanks > In general, you should do it the opposite way. Compile with the lowest > supported library version, and it will work with an higher one.That's not reliable - OpenSSL do sometimes break the ABI, even between different alphabetic versions with the same numeric branch. Moving between branches (1.0.1, 1.0.2, etc) you're highly likely to have incompatibilities. If you're not in control of the installed libraries on a system that you build binaries for, perhaps statically linking is a better option. It doesn't need to be openssl either, tried ssh -V on a Mac lately?