* Theodore Ts'o: > If you can get upstream a patch so that coreutils could try to dlopen > OpenSSL and use it if it is available, but skip it if it is not, that > might be one way to avoid OpenSSL going into essential. The challenge > is that OpenSSL is not known for its ability to maintain a stable ABI, > but if we only care about supporting a specific version of OpenSSL > (the one which is shipped with coreutils) and given that the fallback > is a slower sha256sum, which IMHO is *not* a disaster, perhaps it's > doable?
I think the OpenSSL 3 ABI should be stable for quite some time. It's probably not even necessary to use dlvsym instead of dlsym because I think OpenSSL upstream just adds new functions if they need new behaviors.
