3.0 beta1 feedback about (shared) library names

Richard Levitte levitte at openssl.org
Tue Jun 22 17:44:44 UTC 2021

On Tue, 22 Jun 2021 04:23:06 +0200,
Michael Richardson wrote:
> WTF is libssl3.so?  I still don't know, but:
> %dpkg -S /usr/lib/x86_64-linux-gnu/libssl3.so
> libnss3:amd64: /usr/lib/x86_64-linux-gnu/libssl3.so
> something up there that should be concerning, because maybe it will cause confusion.

Here's how to take a closer look at Debian packages:

    $ apt show libnss3
    Package: libnss3
    Version: 2:3.67-1
    Priority: optional
    Section: libs
    Source: nss
    Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla at tracker.debian.org>
    Installed-Size: 4,173 kB
    Depends: libc6 (>= 2.14), libnspr4 (>= 2:4.12), libsqlite3-0 (>= 3.5.9)
    Conflicts: libnss3-1d (<< 2:3.13.4-2)
    Homepage: http://www.mozilla.org/projects/security/pki/nss/
    Tag: role::shared-lib
    Download-Size: 1,316 kB
    APT-Manual-Installed: no
    APT-Sources: http://ftp.se.debian.org/debian unstable/main amd64 Packages
    Description: Network Security Service libraries
     This is a set of libraries designed to support cross-platform development
     of security-enabled client and server applications. It can support SSLv2
     and  v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
     other security standards.

As you can see, libnss3 packages Mozilla's NSS project, not OpenSSL.

I just had a look at the source of that package, and it makes it clear
that libnss3.so is actually the NSS project's own name for their SSL
library, so this isn't even a packaging problem.

> But, having both "libssl-dev" and "libssl3-dev" installed at the same time is
> going to be a problem.

Not really.  Programs that are built against OpenSSL's libraries will
use the files from libssl-dev, and programs that are built against
Mozilla's NSS libraries will use the files from libssl3-dev.

Yes, I agree that it's unfortunate that the library names are so
similar, because confusion.  I understand that.

> I think that the differences in ABI may be significant enough that you should
> consider calling it "libssl3" and "libcrypto3".  Yeah, maybe that's uncool,
> but it may be pragmatic.

It's not at all pragmatic, let alone not at all cool, seeing that
libssl3 isn't ours.  I hope you understand this at this point.


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list