3.0 beta1 feedback about (shared) library names

Richard Levitte levitte at openssl.org
Wed Jun 23 09:23:41 UTC 2021 

On Tue, 22 Jun 2021 21:58:30 +0200,
Michael Richardson wrote:
> 
> Richard Levitte <levitte at openssl.org> wrote:
>     >> But, having both "libssl-dev" and "libssl3-dev" installed at the same
>     >> time is going to be a problem.
> 
>     > Not really.  Programs that are built against OpenSSL's libraries will
>     > use the files from libssl-dev, and programs that are built against
>     > Mozilla's NSS libraries will use the files from libssl3-dev.
> 
> If both can be installed at the same time, great.

As far as I can tell, the Mozilla NSS Debian packages and the OpenSSL
Debian packages do not trample on each other, so they can be installed
at the same time.  Debian is generally pretty good at ensuring this.

>     > It's not at all pragmatic, let alone not at all cool, seeing that
>     > libssl3 isn't ours.  I hope you understand this at this point.
> 
> a) I think that Mozilla/Debian should plan to rename libssl3.so.
>    Obviously, that name comes from the era of "SSL 3.0" vs "TLS1.3".

I'm actually more ready to assume that the '3' is due to NSS being at
version 3.x as well.  They ship other libraries as well, with that
same number:

    grep '\.so' /var/lib/dpkg/info/libnss3\:amd64.list 
    /usr/lib/x86_64-linux-gnu/libnss3.so
    /usr/lib/x86_64-linux-gnu/libnssutil3.so
    /usr/lib/x86_64-linux-gnu/libsmime3.so
    /usr/lib/x86_64-linux-gnu/libssl3.so
    /usr/lib/x86_64-linux-gnu/nss/libfreebl3.so
    /usr/lib/x86_64-linux-gnu/nss/libfreeblpriv3.so
    /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
    /usr/lib/x86_64-linux-gnu/nss/libnssdbm3.so
    /usr/lib/x86_64-linux-gnu/nss/libsoftokn3.so

However, if you want Debian to change how they package libnss, then
you should talk with them.  I would be surprised if they did, though,
because that would mean that libnss libraries would be named
differently on different platforms, and that's quite a can of worms.

> b) what I meant was uncool was that the next version of "libssl.so.1"
>    would be "libssl3.so.3" rather than "libssl.so.3"
>    Actually, at that point, you could consider "libopenssl.so.3".

Our library isn't named in a way that you deem uncool, so I guess
we're fine ;-)

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list