3.0 beta1 feedback about (shared) library names

[Benjamin Kaduk]

On Mon, Jun 21, 2021 at 10:23:06PM -0400, Michael Richardson wrote:
> 
> I downloaded and compiled opensssl 3.0.0-beta1 from git today.
> I installed into a private prefix.
> 
> While my debian desktop system has:
> 
> %ls -l /usr/lib/x86_64-linux-gnu/libssl*
> -rw-r--r-- 1 root root  357056 Jul  8  2020 /usr/lib/x86_64-linux-gnu/libssl3.so
> -rw-r--r-- 1 root root 1000534 Feb 16 17:08 /usr/lib/x86_64-linux-gnu/libssl.a
> lrwxrwxrwx 1 root root      13 Feb 16 17:08 /usr/lib/x86_64-linux-gnu/libssl.so -> libssl.so.1.1
> -rw-r--r-- 1 root root  435704 Jul  4  2017 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
> -rw-r--r-- 1 root root  431232 Dec 23  2019 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2
> -rw-r--r-- 1 root root  593696 Feb 16 17:08 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
> 
> %ls -l /usr/lib/x86_64-linux-gnu/libcrypto*
> -rw-r--r-- 1 root root 5399144 Feb 16 17:08 /usr/lib/x86_64-linux-gnu/libcrypto.a
> lrwxrwxrwx 1 root root      16 Feb 16 17:08 /usr/lib/x86_64-linux-gnu/libcrypto.so -> libcrypto.so.1.1
> -rw-r--r-- 1 root root 2494464 Jul  4  2017 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
> -rw-r--r-- 1 root root 2504576 Dec 23  2019 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
> -rw-r--r-- 1 root root 3031904 Feb 16 17:08 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
> 
> WTF is libssl3.so?  I still don't know, but:
> 
> %dpkg -S /usr/lib/x86_64-linux-gnu/libssl3.so
> libnss3:amd64: /usr/lib/x86_64-linux-gnu/libssl3.so
> something up there that should be concerning, because maybe it will cause confusion.

NSS is the mozilla TLS stack, used by firefox/etc.

> My newly installed openssl 3 has:
> 
> %ls -l /sandel/3rd/openssl3/lib
> total 16188
> drwxr-xr-x 2 mcr mcr    4096 Jun 21 21:29 engines-3/
> -rw-r--r-- 1 mcr mcr 9307420 Jun 21 21:29 libcrypto.a
> lrwxrwxrwx 1 mcr mcr      14 Jun 21 21:29 libcrypto.so -> libcrypto.so.3*
> -rwxr-xr-x 1 mcr mcr 5205856 Jun 21 21:29 libcrypto.so.3*
> -rw-r--r-- 1 mcr mcr 1251782 Jun 21 21:29 libssl.a
> lrwxrwxrwx 1 mcr mcr      11 Jun 21 21:29 libssl.so -> libssl.so.3*
> -rwxr-xr-x 1 mcr mcr  794496 Jun 21 21:29 libssl.so.3*
> drwxr-xr-x 2 mcr mcr    4096 Jun 21 21:29 ossl-modules/
> drwxr-xr-x 2 mcr mcr    4096 Jun 21 21:29 pkgconfig/
> 
> So I see that the versioned .so file will be somewhat related to the version.
> Distros will be able to ship openssl1.x and openssl3.x shared libraries at
> the same time.
> 
> But, having both "libssl-dev" and "libssl3-dev" installed at the same time is
> going to be a problem.

This is typically solved at the distro layer, not by "upstream" ... often by
just saying you only get to have one installed at a time, and making you swap
back and forth.

Other times the packages will create "-multidev" libraries that install into
a subdirectory, e.g., krb5-multidev installs into /usr/lib/{triple}/mit-krb5
and there's a libkrb5-dev that makes symlinks from the parent directory.

-Ben

> I think that the differences in ABI may be significant enough that you should
> consider calling it "libssl3" and "libcrypto3".  Yeah, maybe that's uncool,
> but it may be pragmatic.
> 
> {ps: I am working on the ruby openssl library next to see what happens}
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>