Comment # 3 on bug 1040356 from Dominique Leuenberger

(In reply to Oliver Kurz from comment #2)
> Do you know why `zypper install` wants to pull in a different version of
> libopenssl1?
> 
> Do I need to call `zypper dup --no-allow-vendor-change` every time I want to
> install a package to ensure I don't get conflicts? I am thinking about
> confused users here.

Your system is not up-to-date and between the snapshot you run and the one
published, openssl has seen quite some changes with versioned symbols.

your openQA package (and/or deps) are linked against the new version of
libopenssl1 which provides those symbols - hence doing zypper in wants to solve
this by getting this newer version.

It's a rare corner case where such massive changes happen together with a
package count reset - but they can happen.

The good thing is with the new packaging style, openssl 1.1 can start existing
and they should not destroy each other... so the small pain here is worth a lot
of gain