Symbol conflict between libgnutls-openssl and real openssl

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Wed Aug 27 17:58:04 CEST 2008

On Wed, Aug 27, 2008 at 6:34 PM, Simon Josefsson <simon at> wrote:

>> The nss_ldap links to openldap libraries which is itself linked to the
>> real OpenSSL libraries. Some symbols are then resolved from real OpenSSL
>> and some from libgnutls-openssl which causes crashes because they are of
>> course ABI incompatible.
>> See:
>> and
>> The proposal is to use #defines in the public headers of
>> gnutls/openssl.h to rename the symbols so they do not clash with real
>> OpenSSL. It would of course require SONAME bump of libgnutls-openssl and
>> rebuild of the dependent applications.
>> What do you think about this proposal?
> I like it.  gnutls/openssl.h should thus contain a set of #define's such
> as:
> #define MD5_Init gnutls_openssl_MD5_Init
> Fortunately we have never guaranteed binary level compatibility with
> OpenSSL, so this change does not require any API changes in applications
> that uses libgnutls-openssl, just a recompile.  It will indeed require a
> SONAME bump, and currently both libgnutls and libgnutls-openssl share
> the same SONAME version.  We have discussed before if and how these
> versions can be separated.  I suspect we have to make a decision now.

I think this is too much fuss. The gnutls-openssl layer is quick and
dirty fix. I wouldn't recommend to any applications to use it. Either
use openssl or gnutls directly. If you have this issue why not
recompile the application with openssl instead?

More information about the Gnutls-devel mailing list