[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Statement(s) on libssl situation desired

Florian Weimer wrote:
> * Nathanael Nerode:
>>Note the following apparent facts:
>>* libssl0.9.7 and libssl0.9.8, if linked in the same binary, will cause 
>>unpredictable failure due to symbol conflicts.
>>* This could be fixed if libssl0.9.8 had versioned symbols, which it doesn't 
> Are you sure?  I think it's not too uncommon that other libraries
> which depend on OpenSSL provide access to some underlying SSL
> functionality, directly exposing public SSL interfaces.  The dependent
> library typically does not provide a versioned ABI.
That's called "Eeeewwwww!"  :-)

Under those circumstances, the library reexporting parts of OpenSSL
actually changes ABI when OpenSSL changes ABI, and such libraries should
actually change their sonames or package names when relinking, forcing
strict versioned dependencies and relinking on all of their reverse
dependencies.  Yes, this is substantially uglier than what's currently

>  Now take two such
> dependent libaries, and you might still need some kind of transition.
> However, the scenarios in which a versioned OpenSSL library does the
> right thing seems to be a strict superset of the non-versioned case,
> so it might still be a win.  It doesn't seem to be the whole story,
> though.

Reply to: