-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MbedTLS linking issues with HashLink binaries on Linux #595
Comments
Should we not link to libmbedtls.so directly ? It should be backward and
forward compatible. Unless it's not?
Le mar. 21 mars 2023 à 21:03, tobil4sk ***@***.***> a écrit :
… Since the binaries are currently compiled on Ubuntu 18.04 which has
mbedtls 2.8.0, ssl.hdll is linked to libmbedtls.so.10. Ubuntu 20.04 has
libmbedtls.so.12, and Ubuntu 22.04 has libmbedtls.so.14, which is the
current version for MbedTLS 2. This means that if hashlink continues to
link mbedtls dynamically, the binaries cannot work on all versions of Linux
at once. Even MbedTLS 3 seems to change the .so name with every minor
release: https://abi-laboratory.pro/?view=timeline&l=mbedtls
We could start linking mbedtls statically, but that means the mbedtls
version will be stuck at whatever hashlink was compiled with, which is a
security concern.
This is possibly the root cause of issues like #590
<#590>.
—
Reply to this email directly, view it on GitHub
<#595>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAHZXQDDYVGS6L45GYWU27TW5ICPNANCNFSM6AAAAAAWC5QFQE>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Every time the https://unix.stackexchange.com/questions/475/how-do-so-shared-object-numbers-work |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since the binaries are currently compiled on Ubuntu 18.04 which has mbedtls 2.8.0, ssl.hdll is linked to
libmbedtls.so.10
. Ubuntu 20.04 haslibmbedtls.so.12
, and Ubuntu 22.04 haslibmbedtls.so.14
, which is the current version for MbedTLS 2. This means that if hashlink continues to link mbedtls dynamically, the binaries cannot work on all versions of Linux at once. Even MbedTLS 3 seems to change the .so name with every minor release: https://abi-laboratory.pro/?view=timeline&l=mbedtlsWe could start linking mbedtls statically, but that means the mbedtls version will be stuck at whatever hashlink was compiled with, which is a security concern.
This is possibly the root cause of issues like #590.
The text was updated successfully, but these errors were encountered: