[csw-maintainers] OpenSSL project task order

Yann Rouillard yann at pleiades.fr.eu.org
Mon Jul 16 23:40:44 CEST 2012 

Hi Dago,

2012/6/20 Dagobert Michelsen <dam at opencsw.org>

> Hi Yann,
>
> [...]
>
>
> > As said before, it would be helpful to know when the dual runtime
> linking is really a problem, this would maybe help to significantly
> simplify the coordination work.
> >
> > Does someone know what happens exactly when a program is linked with two
> different libraries at runtime by the way of one of its dependancy ?
>
> The worst thing would be having two sets of global variables saving state
> for the different
> versions.
>
>
I made some checks and it seems it is worse than that. When both openssl
0.9.8 and openssl 1.0.0 are linked at runtime, only one of the two
libraries will be really used (if exported symbols are the same in both
versions).

I did: LD_DEBUG=all  LD_BIND_NOW=1 /opt/csw/bin/cadaver
after having reinstalled the libneon27 linked with openssl 0.9.8.

The result is that every symbol is linked with openssl 1.0.0 even for neon
that was linked against openssl 0.9.8 at compile time:
01278: binding file=/opt/csw/lib/i386/libneon.so.27 to
file=/opt/csw/lib/i386/libssl.so.1.0.0: symbol 'SSL_pending'
01278: binding file=/opt/csw/lib/i386/libneon.so.27 to
file=/opt/csw/lib/i386/libssl.so.1.0.0: symbol 'SSL_get_error'
01278: binding file=/opt/csw/lib/i386/libneon.so.27 to
file=/opt/csw/lib/i386/libssl.so.1.0.0: symbol 'SSL_read'
[...]

even libssl0.9.8 is linked against libcrypto.so.1.0.0:
binding file=/opt/csw/lib/pentium_pro/libssl.so.0.9.8 to
file=/opt/csw/lib/i386/libcrypto.so.1.0.0: symbol 'EVP_sha224'
[...]

It means that we are lucky that every packages dual linked with ssl0.9.8
and ssl1.0.0 already uploaded to unstable works. I suppose it just works
because openssl 1.0.0 and 0.9.8 are ABI compatibles enough so that it works
in most cases.


I suppose one possible solution to this problem would be to use versioned
symbols. This was already mentioned in a previous thread I think. Does
someone have some insights about the pros and cons of versioned symbols ?
Of course this would imply a new painful transition for openssl...


BTW, I also noticed that cadaver was directly linked with openssl 1.0.0
although it doesn't use any symbols from the ssl library. I will check
exactly why but I suppose if would be an interesting additional check for
checkpkg. Has anyone already looked in that problem ?


Yann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20120716/a03cc91a/attachment-0001.html>

More information about the maintainers mailing list