C library version conflicts, how to manage?

Question

I making C application. In build, I specify

LIBS=-lcrypto -lcurl

I get warning message,

/usr/bin/ld: warning: libcrypto.so.1.0.2, needed by /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.1.1

By default, -lcrypto is having relationship to 1.1 version. Libcurl depend on 1.0.2 version. I Make him quiet like

LIBS=/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2  -lcurl

But then functionality in included header #include <openssl/crypto.h> betrays linked version. Header has relationship with 1.1 version, not 1.0.2.

I wish for advices on how to manage problem. I depend on system CURL library, but it has dependency on version of OpenSSL that I not want. What to do?

Edit: Clarification: I do not wish to recompile CURL, if it would help. Is this common "Dependency hell" scenario?

Edit 2: Tracking down my so files, I find this,

$ dpkg --list | grep libssl1
ii  libssl1.0.0:amd64                     1.0.1t-1+deb8u6                      amd64        Secure Sockets Layer toolkit - shared libraries
ii  libssl1.0.2:amd64                     1.0.2k-1                             amd64        Secure Sockets Layer toolkit - shared libraries
ii  libssl1.1:amd64                       1.1.0e-1                             amd64        Secure Sockets Layer toolkit - shared libraries

$ apt-file list libssl1.0.0
# Nobody! Strange?
$ apt-file list libssl1.0.2 | grep libcrypto
libssl1.0.2: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
$ apt-file list libssl1.1 | grep libcrypto
libssl1.1: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
$ ls -l /usr/lib/x86_64-linux-gnu/*libcrypto*
-rw-r--r-- 1 root root 4799548 Feb 16 17:57 /usr/lib/x86_64-linux-gnu/libcrypto.a
lrwxrwxrwx 1 root root      16 Feb 16 17:57 /usr/lib/x86_64-linux-gnu/libcrypto.so -> libcrypto.so.1.1
-rw-r--r-- 1 root root 2066816 Jan 26 23:40 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
-rw-r--r-- 1 root root 2492192 Jan 26 15:39 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
-rw-r--r-- 1 root root 2686448 Feb 16 17:57 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
$ ls -l /usr/lib/x86_64-linux-gnu/*libcurl*
-rw-r--r-- 1 root root 1059312 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.a
lrwxrwxrwx 1 root root      19 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.3 -> libcurl-gnutls.so.4
lrwxrwxrwx 1 root root      23 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 -> libcurl-gnutls.so.4.4.0
-rw-r--r-- 1 root root  518560 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.4.0
-rw-r--r-- 1 root root     951 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.la
lrwxrwxrwx 1 root root      16 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.so -> libcurl.so.4.4.0
lrwxrwxrwx 1 root root      12 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.so.3 -> libcurl.so.4
lrwxrwxrwx 1 root root      16 Feb 21 22:38 /usr/lib/x86_64-linux-gnu/libcurl.so.4 -> libcurl.so.4.4.0
$ ldd /usr/lib/x86_64-linux-gnu/libcurl.so | grep libcrypto
    libcrypto.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 (0x00007fd97750a000)

As can see, last line demonstrates Debian package relies on this 1.0.2. When examining reverse dependencies on with apt-cache showpkg libssl1.0.2 I see great many things. Same for 1.1 version, it seems Debian enjoys both.

Answer 1

I got the same warning as you after upgrading from Debian 8 (jessie) to Debian 9 (stretch). The fix that worked for me is:

apt-get install libssl1.0-dev