I'm trying to build something which is using both hyper and git2 at the same time. Now I've got a problem with openssl being linked twice. A tip by shepmaster lead me to Cargos features and I tried that but I'm still stuck.

The precise error I'm getting upon cargo build is the following:

error: native library `openssl` is being linked to by more than one version of the same package, but it can only be linked once; try updating or pinning your dependencies to ensure that this package only shows up once

  openssl-sys v0.7.17
  openssl-sys v0.9.1

As far as I can tell openssl is required both by git2 and hyper. Does anyone have any idea what I'm doing wrong? Since I disabled the default features for hyper (and cookie for good measure) openssl should not be required by it anymore. I've looked through the lock file to see if openssl is required by anything else but I couldn't find anything. But I still get the error. Unfortunately cargo doesn't tell me where the dependency comes from.

Here's my Cargo.toml's dependency section and the lock file:

[dependencies]
openssl = "0.9.1"
hoedown = "5.0.0"
iron = "0.4.0"
webbrowser = "0.1.3"
router = "0.4.0"
staticfile = "0.3.1"
clap = "2.18.0"
lazy_static = "0.2.2"
linked-hash-map = "0.3.0"
params = "0.5.0"
git2 = "0.6.1"

[dependencies.yaml-rust]
version = "0.3.4"
features = ["preserve_order"]

[dependencies.hyper]
version = "0.9.12"
default-features = false

[dependencies.cookie]
version = "0.2.5"
default-features = false

Here's the Cargo.lock in case that's of interest.

The problem is the combination of params and openssl:

[dependencies]
openssl = "0.9.1"
params = "0.5.0"

params 0.5 requires multipart 0.8, with features server, but without default-features = false:

[dependencies.multipart]
features = ["server"]
version = "0.8"

That means multipart 0.8 will also require hyper 0.9. And hyper (using the default features) requires openssl 0.7.

There is a ticket in hyper to switch to a newer openssl version.