openssl: Add a warning about minor version bump and OpenSSH

Let's prevent bad thing from happening when we update to 3.1.0...
2025-01-31 11:21:59 +00:00 · 2023-03-15 14:17:56 +08:00 · 2023-03-15 14:17:56 +08:00 · bbaf00d415
commit bbaf00d415
parent 23a6c4c492
1 changed files with 14 additions and 0 deletions
--- a/chapter08/openssl.xml
+++ b/chapter08/openssl.xml
@ -98,6 +98,20 @@ make MANSUFFIX=ssl install</userinput></screen>
        number</emphasis>.
      </para>

+      <para>
+        If <application>OpenSSH</application> is installed, it will be an
+        exception of the general rule above.  It contains an
+        over-restrictive OpenSSL version check, so both SSH client and SSH
+        server will refuse to start if <application>OpenSSH</application>
+        is updated with MAJOR version number unchanged but MINOR version
+        number changed.  You need to rebuild
+        <application>OpenSSH</application> after such an upgrade.
+        <emphasis role='bold'>If <application>OpenSSH</application> is being
+        used to access the system, you must rebuild and reinstall it
+        after upgrading OpenSSL to a new MINOR version number before logout
+        or you won't be able to login via SSH anymore.</emphasis>
+      </para>
+
      <para>
        However, any running programs linked to those libraries need to be stopped
        and restarted. Read the related entries in