Menu
I making C application. In build, I specify
LIBS=-lcrypto -lcurl
I get warning message,
/usr/bin/ld: warning: libcrypto.so.1.0.2, needed by /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1
By default, -lcrypto is having relationship to 1.1 version. Libcurl depend on 1.0.2 version. I Make him quiet like
LIBS=/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 -lcurl
But then functionality in included header #include <openssl/crypto.h> betrays linked version. Header has relationship with 1.1 version, not 1.0.2.
I wish for advices on how to manage problem. I depend on system CURL library, but it has dependency on version of OpenSSL that I not want. What to do?
Edit: Clarification: I do not wish to recompile CURL, if it would help. Is this common "Dependency hell" scenario?
Edit 2: Tracking down my so files, I find this,
$ dpkg --list | grep libssl1
ii libssl1.0.0:amd64 1.0.1t-1+deb8u6 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.0.2:amd64 1.0.2k-1 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:amd64 1.1.0e-1 amd64 Secure Sockets Layer toolkit - shared libraries
$ apt-file list libssl1.0.0
# Nobody! Strange?
$ apt-file list libssl1.0.2 | grep libcrypto
libssl1.0.2: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
$ apt-file list libssl1.1 | grep libcrypto
libssl1.1: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
$ ls -l /usr/lib/x86_64-linux-gnu/*libcrypto*
-rw-r--r-- 1 root root 4799548 Feb 16 17:57 /usr/lib/x86_64-linux-gnu/libcrypto.a
lrwxrwxrwx 1 root root 16 Feb 16 17:57 /usr/lib/x86_64-linux-gnu/libcrypto.so -> libcrypto.so.1.1
-rw-r--r-- 1 root root 2066816 Jan 26 23:40 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
-rw-r--r-- 1 root root 2492192 Jan 26 15:39 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
-rw-r--r-- 1 root root 2686448 Feb 16 17:57 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
$ ls -l /usr/lib/x86_64-linux-gnu/*libcurl*
-rw-r--r-- 1 root root 1059312 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.a
lrwxrwxrwx 1 root root 19 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.3 -> libcurl-gnutls.so.4
lrwxrwxrwx 1 root root 23 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 -> libcurl-gnutls.so.4.4.0
-rw-r--r-- 1 root root 518560 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.4.0
-rw-r--r-- 1 root root 951 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.la
lrwxrwxrwx 1 root root 16 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.so -> libcurl.so.4.4.0
lrwxrwxrwx 1 root root 12 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.so.3 -> libcurl.so.4
lrwxrwxrwx 1 root root 16 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.so.4 -> libcurl.so.4.4.0
$ ldd /usr/lib/x86_64-linux-gnu/libcurl.so | grep libcrypto
libcrypto.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 (0x00007fd97750a000)
As can see, last line demonstrates Debian package relies on this 1.0.2. When examining reverse dependencies on with apt-cache showpkg libssl1.0.2 I see great many things. Same for 1.1 version, it seems Debian enjoys both.
785
Repack your libraries into a new assembly – You can prevent a version conflict altogether by renaming the library and its references. You won't be able to do it manually because of the way the CLR loads assemblies, but there are solutions like ILMerge and il-repack that can do that for you.
The best way to solve version conflicts is to prevent these conflicts in the first place. If you can change dependencies to use the same library version, then that's the best policy. In the case of a diamond dependency conflict, updating the libraries sometimes changes their referenced libraries, which can match the right versions.
There are two way to resolve this conflict. You can force gradle to use certain version of dependency including transitive dependency. You can also define substitution rule for dependency. I hope that now you might be able to resolve your version conflict issue. You can also read the official gradle docs for more information.
How does NPM handle version conflicts ? Consider a case where we have installed a module say A. Now we want to install another module called B and B depends on A but the problem is the version of A which is required by module B is different from the version of A installed at first.
I got the same warning as you after upgrading from Debian 8 (jessie) to Debian 9 (stretch). The fix that worked for me is:
apt-get install libssl1.0-dev
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
