Package: libhrash0 Version: 1.4.2-1 Severity: normal I notice that even if I recompile rhash against the latest libssl-dev, the Recommends is still on libssl1.1. And it appears that this is because the source code does a dlopen trying a hard-coded list of library names, and libcrypto.so.3 is not in that list.
I also notice that libcrypto.so is at the front of the list, which means that the behavior might be different if libssl-dev version 3.* is installed, versus if it's not installed but it happens that the obsolete package libssl1.1 is installed. Normally, I would recommend that code not do a dlopen on a development .so link and instead it should dlopen based on the library's SONAME. (So, I would suggest removing the "libcrypto.so" entry from the head of the libNames list.) -- Daniel Schepler
