Am 20.10.2014 12:11, schrieb Drasha:

On Mon, 20 Oct 2014 09:38:55 +0200, Sönke Ludwig wrote:

Is it necessary to actually have two versions? Unless I'm mistaken, that
would always cause the linker to throw errors due to duplicate symbols,
except if the main application would dlopen its version of OpenSSL
instead of statically linking against it.

But the OpenSSL API is very stable, so it shouldn't matter much if a
newer version is used for either the application, or for libssh2.
Ideally, I would imagine to have two packages, one for OpenSSL and one
for libssh2, where each provides its part of the equation (linker flags
on Posix and linker flags + binaries on Windows). The libssh2 package
would then simply depend on the OpenSSL package to get its version of
the OpenSSL library.

Yep, I would consider this to be the ideal situation as well. However, I have not find a way to tell dub to add import libraries from another package to my project.

How complicated would it be to add this to dub? I imagine that all that would be needed is to enable adding other dub projects to sourcePaths (e.g., something like sourcePaths : ["!openssl"] with "!" meaning that is not a path on a filesystem, but a directory of a particular package).

It should be enough to add in this case "openssl" as a dependency to
"libssh2". All external link libraries will be linked to the final
binary (shared library or executable). They same should be true for
*.lib files passed to "sourceFiles", but I didn't verify this.