Gentoo's Bugzilla – Bug 770379 net-misc/curl-7.75.0 (since 7.74.0-r4) has suboptimal dependency for the sslv3 USE flag Last modified: 2023-05-25 11:12:07 UTC node [vulture] which forces an exact match. However, curl can be built without sslv3 support (which is the better option) against an openssl with sslv3 support (should this be needed for other use cases). A better choice would be openssl? ( dev-libs/openssl:0=[sslv3?,static-libs?,${MULTILIB_USEDEP}] which forces on sslv3 on openssl if it's enabled for curl, but ignores it otherwise.

Unfortunately can't do that, it re-introduce the original automagic issue that this is meant to fix.
# USE=sslv3 emerge -1 openssl
# USE=-sslv3 emerge -1 curl (allowed due to sslv3?)
# USE=-sslv3 emerge -1 openssl
x86_64-pc-linux-gnu-gcc -o test test.c -lcurl
/usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../lib64/libcurl.so: undefined reference to `SSLv3_client_method@OPENSSL_1_1_0'
collect2: error: ld returned 1 exit status

For future reference: -sslv3 on curl does not do what one would expect. It does not *disable* sslv3 support in curl, as that is still autodetected from an OpenSSL with enables SSLv3 support. What Ionen describes is the situation where a user installs an OpenSSL with sslv3 useflag, builds curl against it, then disables sslv3 on OpenSSL. Portage has no way to understand that libcurl requires OpenSSL with SSLv3 support (as curl is build with -sslv3), and thus a rebuild failes to consider it. The proper solution would be to create a patch for curl that actually force-disables sslv3 support on top of the requested change.

(In reply to Ionen Wolkens from comment #4)
> Re-opening given getting user requests to find an alternate (working)
> solution for this, I'll leave decision up to the maintainer on what to do
> with this.
The logic in the build system is convoluted, which is one of the reasons I went with a match with openssl.

These sslv3 issues may be more far reaching than just curl
wget and curl built with -Wl,-z,now:
$ wget
wget: symbol lookup error: wget: undefined symbol: SSLv3_client_method, version OPENSSL_1_1_0
$ curl
curl: symbol lookup error: /usr/lib64/libcurl.so.4: undefined symbol: SSLv3_client_method, version OPENSSL_1_1_0
Now I just lost both fetching tools.

+ This is irrelevant with openssl 3 + All versions of cURL for the last two years (almost to the day) refuse to do sslv3 connections + Blanket disabling sslv3 to prevent an unlikely issue from occurring is unpalatable; someone, somewhere, may want to enable it + I don't want to maintain a curl build system patch that won't be upstreamed + Just use a modern / decent TLS implementation