Re: Symbol conflict between libgnutls-openssl and real openssl

[Nikos Mavrogiannopoulos]

On Wed, Aug 27, 2008 at 6:34 PM, Simon Josefsson <address@hidden> wrote:

>> The nss_ldap links to openldap libraries which is itself linked to the
>> real OpenSSL libraries. Some symbols are then resolved from real OpenSSL
>> and some from libgnutls-openssl which causes crashes because they are of
>> course ABI incompatible.
>>
>> See:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=446860
>> and
>> https://bugzilla.redhat.com/show_bug.cgi?id=460310
>>
>> The proposal is to use #defines in the public headers of
>> gnutls/openssl.h to rename the symbols so they do not clash with real
>> OpenSSL. It would of course require SONAME bump of libgnutls-openssl and
>> rebuild of the dependent applications.
>>
>> What do you think about this proposal?
>
> I like it.  gnutls/openssl.h should thus contain a set of #define's such
> as:
>
> #define MD5_Init gnutls_openssl_MD5_Init
>
> Fortunately we have never guaranteed binary level compatibility with
> OpenSSL, so this change does not require any API changes in applications
> that uses libgnutls-openssl, just a recompile.  It will indeed require a
> SONAME bump, and currently both libgnutls and libgnutls-openssl share
> the same SONAME version.  We have discussed before if and how these
> versions can be separated.  I suspect we have to make a decision now.

I think this is too much fuss. The gnutls-openssl layer is quick and
dirty fix. I wouldn't recommend to any applications to use it. Either
use openssl or gnutls directly. If you have this issue why not
recompile the application with openssl instead?