Best way to have a system with openssl-1.1 and 3.0?

[Michael Brunnbauer]

hi all,

I am planning the migration to openssl 3.0 on my self-compiled linux systems.
There is a non-negotiable requirement to support old packages that will only
compile with openssl 1.1 - like PHP < 8.1. This is usually not a problem as
the openssl 3 shared libraries have a new version number but there are some
tricky dependency-problems - one of which I cannot solve:

I assume that no binary should both link to openssl 1.1 and 3.0 either directly
or indirectly (via shared libraries using openssl)? This poses a problem with 
apache, libcurl and libmysql which are all used by php and linked to openssl.

I can install apache linked with openssl 3.0 under a separate prefix and
compile php (also installed under a version-specific prefix) with mysqlnd such 
that libmysql is not linked. This leaves only libcurl as a problem and I do
not know how to solve it. I tried installing libcurl linked with openssl 1.1
under /usr/curl_openssl1 and then compiling php with that path specified.

But the Loader will alway prefer the libcurl.so.4 found under /usr/lib64
to the one under /usr/curl_openssl1/lib. It seems having two libcurls with
the same version number linked to different openssl version is not an option.

Is there a way to solve this?

Regards,

Michael Brunnbauer

-- 
++  Michael Brunnbauer
++  netEstate GmbH
++  Geisenhausener Straße 11a
++  81379 München
++  Tel +49 89 32 19 77 80
++  Fax +49 89 32 19 77 89 
++  E-Mail brunni at netestate.de
++  https://www.netestate.de/
++
++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
++  USt-IdNr. DE221033342
++  Geschäftsführer: Michael Brunnbauer
++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230905/d016cb82/attachment.sig>