
Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL



Kurt Roeckx <kurt@roeckx.be> writes:
> On Sat, Jul 12, 2014 at 01:53:45PM +0200, Toni Mueller wrote:

>> my intention is to package this stuff so one can have both openssl and
>> libressl installed in parallel. libressl currently has libraries with
>> these sonames:

>> libssl.so.26
>> libcrypto.so.29

> I don't really like it, since it could potentially clash with
> the ones provided by openssl.  But it seems unlikely that openssl
> will ever use that as soname.

We've done this for years with Heimdal and MIT Kerberos, and it seems to
be mostly okay.  The one big caveat, though, is that this only works if
nearly all of the archive is linked with one of the two, and the other is
there pretty much just for users and not for anything else.  For Kerberos
libraries, that's MIT Kerberos.

If you start using both for different packages, then you end up with
shared libraries conflicting over which libssl they want to use, and then
bad things start happening.

So, in other words, it's fine to have it packaged with different SONAMEs
and available for people to use, but switching the archive from one
OpenSSL ABI implementation to another is something of an all-or-nothing
affair.  You can do a small amount of building key packages with the other
implementation (like we do now with libpam-heimdal and
libsasl2-modules-gssapi-heimdal), but that's both tricky and quite
limited.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
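
The conflict described in the message above can be checked for mechanically. The following is an added example, not part of the original post: it walks DT_NEEDED edges and flags any binary whose dependency closure pulls in two different SONAMEs of libssl or libcrypto. The dependency map is constructed sample data; the binary and plugin names are hypothetical, and libssl.so.1.0.0 / libcrypto.so.1.0.0 are assumed as the OpenSSL SONAMEs.

```python
import re
from collections import defaultdict

# Constructed sample: DT_NEEDED entries per ELF object, as `readelf -d` lists them.
# Only libssl.so.26 and libcrypto.so.29 come from the thread; the rest is assumed.
NEEDED = {
    "/usr/bin/mailer": ["libssl.so.1.0.0", "libcrypto.so.1.0.0", "libauthplugin.so.1"],
    "libauthplugin.so.1": ["libssl.so.26", "libcrypto.so.29"],
    "libssl.so.1.0.0": ["libcrypto.so.1.0.0"],
    "libssl.so.26": ["libcrypto.so.29"],
    "/usr/bin/fetcher": ["libssl.so.1.0.0", "libcrypto.so.1.0.0"],
}

def closure(root, needed):
    """Return every SONAME reachable from root through DT_NEEDED edges."""
    seen, stack = set(), list(needed.get(root, []))
    while stack:
        lib = stack.pop()
        if lib not in seen:
            seen.add(lib)
            stack.extend(needed.get(lib, []))
    return seen

def stem(soname):
    """libssl.so.26 -> libssl (library name without the ABI version)."""
    return re.sub(r"\.so(\.[0-9A-Za-z_.]+)?$", "", soname)

def conflicts(root, needed, stems=("libssl", "libcrypto")):
    """Map each watched stem to its SONAMEs when more than one is pulled in."""
    by_stem = defaultdict(set)
    for lib in closure(root, needed):
        if stem(lib) in stems:
            by_stem[stem(lib)].add(lib)
    return {s: sorted(v) for s, v in by_stem.items() if len(v) > 1}

if __name__ == "__main__":
    for binary in ("/usr/bin/mailer", "/usr/bin/fetcher"):
        print(binary, conflicts(binary, NEEDED) or "ok")
```

On a real system the map would be built from the NEEDED entries of each installed ELF object rather than written by hand.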

