[Pkg-openssl-devel] Re: Statement(s) on libssl situation desired

Nathanael Nerode neroden at twcny.rr.com
Fri Oct 21 02:50:01 UTC 2005


Florian Weimer wrote:
> * Nathanael Nerode:
> 
> 
>>Note the following apparent facts:
>>* libssl0.9.7 and libssl0.9.8, if linked in the same binary, will cause 
>>unpredictable failure due to symbol conflicts.
>>* This could be fixed if libssl0.9.8 had versioned symbols, which it doesn't 
>>yet.
> 
> 
> Are you sure?  I think it's not too uncommon that other libraries
> which depend on OpenSSL provide access to some underlying SSL
> functionality, directly exposing public SSL interfaces.  The dependent
> library typically does not provide a versioned ABI.
That's called "Eeeewwwww!"  :-)

Under those circumstances, the library reexporting parts of OpenSSL
actually changes ABI when OpenSSL changes ABI, and such libraries should
actually change their sonames or package names when relinking, forcing
strict versioned dependencies and relinking on all of their reverse
dependencies.  Yes, this is substantially uglier than what's currently
happening.

>  Now take two such
> dependent libaries, and you might still need some kind of transition.
> 
> However, the scenarios in which a versioned OpenSSL library does the
> right thing seems to be a strict superset of the non-versioned case,
> so it might still be a win.  It doesn't seem to be the whole story,
> though.




More information about the Pkg-openssl-devel mailing list