[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Symbol conflict between libgnutls-openssl and real openssl
From: |
Simon Josefsson |
Subject: |
Re: Symbol conflict between libgnutls-openssl and real openssl |
Date: |
Wed, 27 Aug 2008 17:34:57 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) |
Tomas Mraz <address@hidden> writes:
> Hello,
Hi Tomas!
> some symbols in libgnutls-openssl are not renamed from their originals
> in OpenSSL.
That is sort of the idea... However, I understand the problems it can
cause as you describe.
> Unfortunately this causes conflicts when the application indirectly
> links to some library which then links to openssl. The situation can
> happen for example in case the system is configured to use ldap in the
> nsswitch.conf.
>
> The nss_ldap links to openldap libraries which is itself linked to the
> real OpenSSL libraries. Some symbols are then resolved from real OpenSSL
> and some from libgnutls-openssl which causes crashes because they are of
> course ABI incompatible.
>
> See:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=446860
> and
> https://bugzilla.redhat.com/show_bug.cgi?id=460310
>
> The proposal is to use #defines in the public headers of
> gnutls/openssl.h to rename the symbols so they do not clash with real
> OpenSSL. It would of course require SONAME bump of libgnutls-openssl and
> rebuild of the dependent applications.
>
> What do you think about this proposal?
I like it. gnutls/openssl.h should thus contain a set of #define's such
as:
#define MD5_Init gnutls_openssl_MD5_Init
Fortunately we have never guaranteed binary level compatibility with
OpenSSL, so this change does not require any API changes in applications
that uses libgnutls-openssl, just a recompile. It will indeed require a
SONAME bump, and currently both libgnutls and libgnutls-openssl share
the same SONAME version. We have discussed before if and how these
versions can be separated. I suspect we have to make a decision now.
Please send a patch for further discussions.
Thanks,
/Simon
- Symbol conflict between libgnutls-openssl and real openssl, Tomas Mraz, 2008/08/27
- Re: Symbol conflict between libgnutls-openssl and real openssl,
Simon Josefsson <=
- Re: Symbol conflict between libgnutls-openssl and real openssl, Nikos Mavrogiannopoulos, 2008/08/27
- Re: Symbol conflict between libgnutls-openssl and real openssl, Nikos Mavrogiannopoulos, 2008/08/27
- Re: Symbol conflict between libgnutls-openssl and real openssl, Simon Josefsson, 2008/08/27
- Re: Symbol conflict between libgnutls-openssl and real openssl, Andrew McDonald, 2008/08/28
- Re: Symbol conflict between libgnutls-openssl and real openssl, Simon Josefsson, 2008/08/29
- Re: Symbol conflict between libgnutls-openssl and real openssl, Tomas Mraz, 2008/08/29