squid (GnuTLS flavour) links with OpenSSL libs

Something in Ubuntu's squid build causes it to link with OpenSSL's libssl.so.3:

root@jammy:~# apt-get install -y squid

root@jammy:~# dpkg -l| grep -w squid | grep GnuTLS
ii squid 5.2-1ubuntu3 amd64 Full featured Web Proxy cache (HTTP proxy GnuTLS flavour)

root@jammy:~# squid -v | grep -E 'ssl|tls'
This binary uses OpenSSL 3.0.2 15 Mar 2022. configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'BUILDCXXFLAGS=-g -O2 -ffile-prefix-map=/build/squid-V7aRc2/squid-5.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now ' 'BUILDCXX=g++' '--with-build-environment=default' '--enable-build-info=Ubuntu linux' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,SMB_LM' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-security-cert-validators=fake' '--enable-storeid-rewrite-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' '--with-systemd' '--with-gnutls' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/squid-V7aRc2/squid-5.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now ' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -ffile-prefix-map=/build/squid-V7aRc2/squid-5.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security'

root@jammy:~# ldd /usr/sbin/squid | grep -E 'ssl|tls'
 libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x0000709301f8c000)

root@jammy:~# dpkg -S libssl.so.3
libssl3:amd64: /usr/lib/x86_64-linux-gnu/libssl.so.3

In the above, we see that squid was built using `--with-gnutls` but it somehow got linked to libssl.

The problem does NOT manifest on Debian Sid so it is Ubuntu specific. It also explains why squid tries to read `openssl.cnf` (LP: #1967807).

# Additional information

root@jammy:~# lsb_release -rd
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
root@jammy:~# apt-cache policy squid
squid:
  Installed: 5.2-1ubuntu3
  Candidate: 5.2-1ubuntu3
  Version table:
 *** 5.2-1ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status