Oct 26, 2010, 07:42 PM
All they need to do is link libssl.so.6 to the version of libssl actually installed. They do not need to actually install anything.
Since everyone potentially has a different version installed, I cannot link to a specific one. The only think I could possibly do is statically link or dynamically search for the version installed and gather function pointers from it. Neither of these will be happening very soon.
You should convince your host to just link libssl.so.6 to whatever version is installed. They do not need to install any old version, so there will be no security issue here.
Since everyone potentially has a different version installed, I cannot link to a specific one. The only think I could possibly do is statically link or dynamically search for the version installed and gather function pointers from it. Neither of these will be happening very soon.
You should convince your host to just link libssl.so.6 to whatever version is installed. They do not need to install any old version, so there will be no security issue here.