Ran into this building a desktop app that uses LiveKit for calls and also keeps an encrypted SQLite DB (SQLCipher through rusqlite/libsqlite3-sys, built against OpenSSL).
The prebuilt libwebrtc that webrtc-sys ships bundles BoringSSL statically, and it exports all the crypto symbols globally — EVP_*, HMAC, PKCS5_PBKDF2_HMAC, AES_*, RAND_bytes, and so on. The moment anything else in the binary pulls in another libcrypto (OpenSSL in my case), the linker sees the same symbols defined twice and gives up — LNK1169 on MSVC, multiple definition from mold on Linux.
You can force it through with /FORCE:MULTIPLE (or -Wl,--allow-multiple-definition on Linux), but all that does is keep the first definition it sees and drop the rest, so the whole binary ends up using one of the two implementations for everything. In my case SQLCipher was compiled against OpenSSL's headers but got linked to BoringSSL's implementation. Different struct layouts, so it corrupted the heap the first time it actually did crypto — the app crashed natively on the first PRAGMA key when opening the DB, no Rust panic, and it took me ages to even realize it was a linking issue and not a logic bug.
I've got it working by pointing SQLCipher at the same BoringSSL that webrtc already bundles, so there's only one libcrypto in the binary. That works (SQLCipher 4.5.x happens to be BoringSSL-compatible) but it feels fragile and leans on webrtc-sys's prebuilt internals being there and not changing.
Since BoringSSL is an internal detail of webrtc-sys and nobody links against it directly, would it be possible to build the prebuilt with those symbols hidden/localized? Something like -fvisibility=hidden plus an export allowlist for the actual WebRTC API, or an objcopy --localize-symbols / version-script pass on the static lib. Then it wouldn't step on any other crypto library in the same process and people wouldn't need the force-multiple hack (which is a memory-corruption footgun, as above).
Versions: webrtc-sys 0.3.29, livekit 0.7.37. Hit it on both x86_64-pc-windows-msvc and x86_64-unknown-linux-gnu. Happy to put together a minimal repro (SQLCipher + LiveKit in one binary) if that'd help.
Ran into this building a desktop app that uses LiveKit for calls and also keeps an encrypted SQLite DB (SQLCipher through rusqlite/libsqlite3-sys, built against OpenSSL).
The prebuilt libwebrtc that webrtc-sys ships bundles BoringSSL statically, and it exports all the crypto symbols globally —
EVP_*,HMAC,PKCS5_PBKDF2_HMAC,AES_*,RAND_bytes, and so on. The moment anything else in the binary pulls in another libcrypto (OpenSSL in my case), the linker sees the same symbols defined twice and gives up —LNK1169on MSVC,multiple definitionfrom mold on Linux.You can force it through with
/FORCE:MULTIPLE(or-Wl,--allow-multiple-definitionon Linux), but all that does is keep the first definition it sees and drop the rest, so the whole binary ends up using one of the two implementations for everything. In my case SQLCipher was compiled against OpenSSL's headers but got linked to BoringSSL's implementation. Different struct layouts, so it corrupted the heap the first time it actually did crypto — the app crashed natively on the firstPRAGMA keywhen opening the DB, no Rust panic, and it took me ages to even realize it was a linking issue and not a logic bug.I've got it working by pointing SQLCipher at the same BoringSSL that webrtc already bundles, so there's only one libcrypto in the binary. That works (SQLCipher 4.5.x happens to be BoringSSL-compatible) but it feels fragile and leans on webrtc-sys's prebuilt internals being there and not changing.
Since BoringSSL is an internal detail of webrtc-sys and nobody links against it directly, would it be possible to build the prebuilt with those symbols hidden/localized? Something like
-fvisibility=hiddenplus an export allowlist for the actual WebRTC API, or anobjcopy --localize-symbols/ version-script pass on the static lib. Then it wouldn't step on any other crypto library in the same process and people wouldn't need the force-multiple hack (which is a memory-corruption footgun, as above).Versions: webrtc-sys 0.3.29, livekit 0.7.37. Hit it on both
x86_64-pc-windows-msvcandx86_64-unknown-linux-gnu. Happy to put together a minimal repro (SQLCipher + LiveKit in one binary) if that'd help.