Symbol conflict between libgnutls-openssl and real openssl

Simon Josefsson simon at josefsson.org
Wed Aug 27 23:36:11 CEST 2008


"Nikos Mavrogiannopoulos" <nmav at gnutls.org> writes:

> On Wed, Aug 27, 2008 at 6:58 PM, Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos at gmail.com> wrote:
>
>>>> What do you think about this proposal?
>>>
>>> I like it.  gnutls/openssl.h should thus contain a set of #define's such
>>> as:
>>>
>>> #define MD5_Init gnutls_openssl_MD5_Init
>>>
>>> Fortunately we have never guaranteed binary level compatibility with
>>> OpenSSL, so this change does not require any API changes in applications
>>> that uses libgnutls-openssl, just a recompile.  It will indeed require a
>>> SONAME bump, and currently both libgnutls and libgnutls-openssl share
>>> the same SONAME version.  We have discussed before if and how these
>>> versions can be separated.  I suspect we have to make a decision now.
>>
>> I think this is too much fuss. The gnutls-openssl layer is quick and
>> dirty fix. I wouldn't recommend to any applications to use it. Either
>> use openssl or gnutls directly. If you have this issue why not
>> recompile the application with openssl instead?
>
> I'm not so much against any such patch. I'm mostly against maintaining
> this gnutls-openssl library. I think we should drop it.

I agree that libgnutls-openssl is ugly... however, I think there are
some licensing corner cases where libgnutls-openssl actually is useful
to some people.

I think if people send patches we can apply them, but I don't see any
reason to do anything beyond that.

/Simon





More information about the Gnutls-devel mailing list