On Mon, 2008-08-25 at 20:04 +0200, Hans de Goede wrote:
The story begins here:
The problem is, or I believe it to be, that when an application
uses libgnutls-openssl (meant for easy use of porting openssl
programs to gnutls) for example because of the openssl license
issues, and then a library uses the real openssl (for example glibc
through nss_ldap) then in the nss_ldap example, the layer dlopen's
nss_ldap starts using the openssl symbols from gnutls instead of
those from openssl, but they are not ABI compatible -> boom.
Luckily the list of libgnutls-openssl users seems small:
[hans localhost src]$ repoquery -q --whatrequires
So only 3 programs are affected, given that the same may happen
when any used library uses the real openssl and the application or
any other library uses gnutls-openssl, I would like to suggest the
removal of libgnutls-openssl from Fedora, as long as we have this
openssl libraries mess (which we unfortunately do) we should make
sure that the various ssl libraries do not have symbol clashes, as
changes are that through a mix of libraries an application may be
using 2 (or even 3) different ssl libs.
So whats your 2 cents on this?
How does the NSS (Mozilla SSL) OpenSSL wrapper avoid this problem?