Best way to have a system with openssl-1.1 and 3.0?
brunni at netestate.de
Tue Sep 5 17:58:12 UTC 2023
I am planning the migration to openssl 3.0 on my self-compiled linux systems.
There is a non-negotiable requirement to support old packages that will only
compile with openssl 1.1 - like PHP < 8.1. This is usually not a problem as
the openssl 3 shared libraries have a new version number but there are some
tricky dependency-problems - one of which I cannot solve:
I assume that no binary should both link to openssl 1.1 and 3.0 either directly
or indirectly (via shared libraries using openssl)? This poses a problem with
apache, libcurl and libmysql which are all used by php and linked to openssl.
I can install apache linked with openssl 3.0 under a separate prefix and
compile php (also installed under a version-specific prefix) with mysqlnd such
that libmysql is not linked. This leaves only libcurl as a problem and I do
not know how to solve it. I tried installing libcurl linked with openssl 1.1
under /usr/curl_openssl1 and then compiling php with that path specified.
But the Loader will alway prefer the libcurl.so.4 found under /usr/lib64
to the one under /usr/curl_openssl1/lib. It seems having two libcurls with
the same version number linked to different openssl version is not an option.
Is there a way to solve this?
++ Michael Brunnbauer
++ netEstate GmbH
++ Geisenhausener Straße 11a
++ 81379 München
++ Tel +49 89 32 19 77 80
++ Fax +49 89 32 19 77 89
++ E-Mail brunni at netestate.de
++ Sitz: München, HRB Nr.142452 (Handelsregister B München)
++ USt-IdNr. DE221033342
++ Geschäftsführer: Michael Brunnbauer
++ Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: not available
More information about the openssl-users