Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-451

libmariadb.so C Connector shared library has a dependency on versioned OpenSSL symbols

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 3.1.7
    • None
    • None
    • Red Hat 7.6

    Description

      I am attempting to use the libmariadb.so shared library from the mariadb-connector-c-3.1.7-linux-x86_64 binary download link.

      When linking against it using either the system OpenSSL 1.0.2 binaries or ones I built myself I see the following link error:

      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_error@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_peer_certificate@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CTX_load_verify_locations@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_ex_data@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_certificate_file@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_ex_data@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_write@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_clear@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_THREADID_set_numeric@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_cipher_list@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `ERR_get_error@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_ENTRY_get_data@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CIPHER_get_name@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_PrivateKey@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_get_subject_name@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_get_id_callback@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_load_error_strings@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_version@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_STORE_set_flags@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_new@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_set_locking_callback@OPENSSL_1.0.0'
      		 
      /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_get_index_by_NID@OPENSSL_1.0.0'
      		 
      ...

      After doing some research I determined that the MariaDB C client has been built and linked on a system that has OpenSSL binaries that have version signed symbols.

      https://mta.openssl.org/pipermail/openssl-users/2018-July/008301.html

      Using these instructions I built new OpenSSL binaries that have the OPENSSL_1.0.0 version applied to all globally exported symbols. With this new set of binaries I am able to link against the MariaDB C Connector.

      Vanilla builds of OpenSSL do not document using symbol versioning and as far as I can tell the Red Hat 7.x distributions we are using do not provide them either.

      Is this by design or an accident. I think the generic Linux binaries should be linked against a more generic build of OpenSSL.

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          dritter David Ritter created issue -
          dritter David Ritter made changes -
          Field Original Value New Value
          Description I am attempting to use the mariadb-connector-c-3.1.7-linux-x86_64 binary [download link|https://downloads.mariadb.com/Connectors/c/connector-c-3.1.7/mariadb-connector-c-3.1.7-linux-x86_64.tar.gz].

          When linking against it using either the system OpenSSL 1.0.2 binaries or ones I built myself I see the following link error:

          {noformat}
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_error@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_peer_certificate@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CTX_load_verify_locations@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_ex_data@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_certificate_file@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_ex_data@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_write@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_clear@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_THREADID_set_numeric@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_cipher_list@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `ERR_get_error@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_ENTRY_get_data@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CIPHER_get_name@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_PrivateKey@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_get_subject_name@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_get_id_callback@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_load_error_strings@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_version@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_STORE_set_flags@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_new@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_set_locking_callback@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_get_index_by_NID@OPENSSL_1.0.0'
          ...
          {noformat}

          After doing some research I determined that the MariaDB C client has been built and linked on a system that has OpenSSL binaries that have version signed symbols.

          https://mta.openssl.org/pipermail/openssl-users/2018-July/008301.html

          Using [these instructions|https://stackoverflow.com/questions/18390833/no-version-information-available.] I built new OpenSSL binaries that have the {{OPENSSL_1.0.0}} version applied to all globally exported symbols. With this new set of binaries I am able to link against the MariaDB C Connector.

          Vanilla builds of OpenSSL do not document using symbol versioning and as far as I can tell the Red Hat 7.x distributions we are using do not provide them either.

          Is this by design or an accident. I think the generic Linux binaries should be linked against a more generic build of OpenSSL.
          		I am attempting to use the libmariadb.so shared library from the mariadb-connector-c-3.1.7-linux-x86_64 binary [download link|https://downloads.mariadb.com/Connectors/c/connector-c-3.1.7/mariadb-connector-c-3.1.7-linux-x86_64.tar.gz].

          When linking against it using either the system OpenSSL 1.0.2 binaries or ones I built myself I see the following link error:

          {noformat}
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_error@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_peer_certificate@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CTX_load_verify_locations@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_ex_data@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_certificate_file@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_ex_data@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_write@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_clear@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_THREADID_set_numeric@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_cipher_list@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `ERR_get_error@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_ENTRY_get_data@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CIPHER_get_name@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_PrivateKey@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_get_subject_name@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_get_id_callback@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_load_error_strings@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_version@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_STORE_set_flags@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_new@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_set_locking_callback@OPENSSL_1.0.0'
          /opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_get_index_by_NID@OPENSSL_1.0.0'
          ...
          {noformat}

          After doing some research I determined that the MariaDB C client has been built and linked on a system that has OpenSSL binaries that have version signed symbols.

          https://mta.openssl.org/pipermail/openssl-users/2018-July/008301.html

          Using [these instructions|https://stackoverflow.com/questions/18390833/no-version-information-available.] I built new OpenSSL binaries that have the {{OPENSSL_1.0.0}} version applied to all globally exported symbols. With this new set of binaries I am able to link against the MariaDB C Connector.

          Vanilla builds of OpenSSL do not document using symbol versioning and as far as I can tell the Red Hat 7.x distributions we are using do not provide them either.

          Is this by design or an accident. I think the generic Linux binaries should be linked against a more generic build of OpenSSL.
          Summary C Connector has a dependency on versioned OpenSSL symbols libmariadb.so C Connector shared library has a dependency on versioned OpenSSL symbols
          serg Sergei Golubchik added a comment -

          As workarounds you could use mariadb tarball from https://downloads.mariadb.org/mariadb/10.4.12/#os_group=linux_generic which includes Connector/C linked with GnuTLS.

          Or you can install from https://downloads.mariadb.org/mariadb/repositories/#distro=RedHat&distro_release=rhel7-amd64--rhel7&version=10.4 and you'll get Connector/C in MariaDB-shared rpm built with OpenSSL specifically on and for RHEL 7

          serg Sergei Golubchik added a comment - As workarounds you could use mariadb tarball from https://downloads.mariadb.org/mariadb/10.4.12/#os_group=linux_generic which includes Connector/C linked with GnuTLS. Or you can install from https://downloads.mariadb.org/mariadb/repositories/#distro=RedHat&distro_release=rhel7-amd64--rhel7&version=10.4 and you'll get Connector/C in MariaDB-shared rpm built with OpenSSL specifically on and for RHEL 7
          dritter David Ritter added a comment -

          I agree that those are both reasonable workarounds however I still content the generic Linux binaries should be linked against a more generic build of OpenSSL that doesn't have an arbitrary symbol versioning scheme (I say arbitrary because I can find nothing on the OpenSSL website or build instructions that not the version OPENSSL_1.0.0 is an official tag)

          dritter David Ritter added a comment - I agree that those are both reasonable workarounds however I still content the generic Linux binaries should be linked against a more generic build of OpenSSL that doesn't have an arbitrary symbol versioning scheme (I say arbitrary because I can find nothing on the OpenSSL website or build instructions that not the version OPENSSL_1.0.0 is an official tag)
          georg Georg Richter made changes -
          georg Georg Richter made changes -
          Priority Blocker [ 1 ] Major [ 3 ]
          julien.fritsch Julien Fritsch made changes -
          Workflow MariaDB connectors [ 103686 ] MariaDB v4 [ 160859 ]

          People

            georg Georg Richter
            dritter David Ritter
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.