  1. MariaDB Server
  2. MDEV-12763

10.2 uses deprecated openssl 1.0 apis even with 1.1

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 10.1.6
    • 10.2.9
    • Compiling, SSL
    • None

    Description

      If openssl is compiled with the --api=1.1.0 switch, it no longer exports deprecated 1.0 apis.

      With such openssl MariaDB does not compile at all — it still uses openssl 1.0 api even when compiled with openssl 1.1. It should not.

        Activity

          pgnd pgnd added a comment -

          > Your last error is because libmariadb submodule is out of sync. Run git submodule update.

          yep – missed that!

          > I have a commit that makes cmake to run git submodule update automatically, but need to test it a bit more before pushing in the main branch.

          noted

          with

          git clean -xfd
          git reset --hard HEAD
          git pull
          git submodule update
          	Submodule path 'libmariadb': checked out 'eb058204233863f1b949209e5c4649489174d299'
          	Submodule path 'storage/rocksdb/rocksdb': checked out 'd616ebea23fa88cb9c2c8588533526a566d9cfab'
          

          then

          patch -p1 < ../MDEV-12763.patch
          

          and

          cmake ..  \
           -DWITH_SSL=/usr/local/openssl11 \
           -DWITH_SSL_PATH=/usr/local/openssl11 \
           ... etc etc ...
          

          now, back in business

          make V=1 -j4
          	...
          	[100%] Linking CXX executable mariabackup
          	[100%] Built target mariabackup
           
          ldd sql/mysqld libmariadb/libmariadb/*so | egrep -i "ssl|crypto"
          	libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007f8228cf5000)
          	libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007f8228849000)
          	libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007faf443ea000)
          	libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007faf43f3e000)
          	libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007fc4e3bd8000)
          	libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007fc4e372c000)
          	libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007fac25be4000)
          	libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007fac25738000)
           
          sql/mysqld -V
          	sql/mysqld  Ver 10.2.8-MariaDB-log for Linux on x86_64 (Source distribution)
          
          

          pgnd pgnd added a comment - - edited

          @serg

          > I'll increase the priority of this issue, should be in the next release.

          Although,

          	https://downloads.mariadb.org/mariadb/+releases/
          	  10.2
          	    Name    Release Date  Release Status
          	    10.2.8  2017-08-18    Stable
          

          this bug's still open.

          Has the issue been fixed & merged, and this bug just not updated accordingly?

          Or is this, in fact, still unaddressed & unresolved?


          serg Sergei Golubchik added a comment -

          It seems that it has been fixed. The patch is pushed. Compilation with --api=1.1.0 openssl works.

          pgnd pgnd added a comment -

          pushed to ... 10.2 branch, or master?

          With,

          	git branch -a
          		* 10.2
          		remotes/origin/10.2
           
          	git log | head
          		commit a544225d0a772bd4b67c96f5861ecc0ef7e69bba
          		Author: Kenny John Jacob <johnjacobkenny@gmail.com>
          		Date:   Thu Aug 24 12:51:05 2017 +0530
           
          		    Update README.md
           
          		    Fix minor typo.
           
          		commit e7bf8bca2fca1f0794485d8cb78b816f3ba6b142
          		Author: Marko Mäkelä <marko.makela@mariadb.com>
          

          and NOT applying the patch

          	https://jira.mariadb.org/secure/attachment/43633/MDEV-12763.patch
          

          after OK config, the build still fails at

          	...
          	[ 23%] Building CXX object mysys_ssl/CMakeFiles/mysys_ssl.dir/my_crypt.cc.o
          	In file included from /usr/local/src/mariadb_10_2/mysys_ssl/openssl.c:33:0:
          	/usr/local/openssl11/include/openssl/evp.h:501:0: warning: "EVP_MD_CTX_init" redefined
          	 # define EVP_MD_CTX_init(ctx)    EVP_MD_CTX_reset((ctx))
           
          	In file included from /usr/local/src/mariadb_10_2/mysys_ssl/openssl.c:18:0:
          	/usr/local/src/mariadb_10_2/include/ssl_compat.h:33:0: note: this is the location of the previous definition
          	 #define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
           
          	/usr/local/src/mariadb_10_2/mysys_ssl/my_crypt.cc: In destructor ‘virtual MyCTX::~MyCTX()’:
          	/usr/local/src/mariadb_10_2/mysys_ssl/my_crypt.cc:46:5: error: ‘EVP_CIPHER_CTX_cleanup’ was not declared in this scope
          	     EVP_CIPHER_CTX_cleanup(ctx);
          	     ^~~~~~~~~~~~~~~~~~~~~~
          	/usr/local/src/mariadb_10_2/mysys_ssl/my_crypt.cc:46:5: note: suggested alternative: ‘EVP_CIPHER_CTX_set_num’
          	     EVP_CIPHER_CTX_cleanup(ctx);
          	     ^~~~~~~~~~~~~~~~~~~~~~
          	     EVP_CIPHER_CTX_set_num
          	[ 23%] Built target dyncol
          	mysys_ssl/CMakeFiles/mysys_ssl.dir/build.make:230: recipe for target 'mysys_ssl/CMakeFiles/mysys_ssl.dir/my_crypt.cc.o' failed
          	make[2]: *** [mysys_ssl/CMakeFiles/mysys_ssl.dir/my_crypt.cc.o] Error 1
          	CMakeFiles/Makefile2:5817: recipe for target 'mysys_ssl/CMakeFiles/mysys_ssl.dir/all' failed
          	make[1]: *** [mysys_ssl/CMakeFiles/mysys_ssl.dir/all] Error 2
          	Makefile:151: recipe for target 'all' failed
          	make: *** [all] Error 2
          

          whereas, the patch DOES still cleanly apply to sources, and with it, the build completes OK

          pgnd pgnd added a comment -

          confirming ...

          building

          	git log | head
          		commit 55c5448ab7030f458f6e06f380c9f605c1d8d3ba
          		Author: Sergei Golubchik <serg@mariadb.org>
          		Date:   Fri Sep 15 16:43:06 2017 +0200
           
          		    MDEV-13751 Interrupted SELECT fails with 1030: 'Got error 1 "Operation not permitted" from storage engine MyISAM'
           
          		    quick select returns 1, not proper HA_ERR_xxx error code,
          		    so don't send it to handler::print_error().
           
          		commit 6670b4e58ca1c97b6f35277fc2aef93ee7367b89
          

          with NO additional patch,

          apart from one ssl-related warning

          	make V=1 -j4
          		...
          		[ 23%] Building C object mysys_ssl/CMakeFiles/mysys_ssl.dir/openssl.c.o
          		In file included from /usr/local/src/mariadb_10_2/mysys_ssl/openssl.c:33:0:
          		/usr/local/openssl11/include/openssl/evp.h:501:0: warning: "EVP_MD_CTX_init" redefined
          		 # define EVP_MD_CTX_init(ctx)    EVP_MD_CTX_reset((ctx))
           
          		In file included from /usr/local/src/mariadb_10_2/mysys_ssl/openssl.c:18:0:
          		/usr/local/src/mariadb_10_2/include/ssl_compat.h:33:0: note: this is the location of the previous definition
          		 #define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
           
          		[ 23%] Built target dyncol
          		[ 23%] Linking CXX static library libmysys_ssl.a
          		[ 23%] Built target mysys_ssl
          		...
          

          looks good

          	mysqld -V
          		mysqld  Ver 10.2.9-MariaDB-log for Linux on x86_64 (Source distribution)
           
          	ldd `which mysqld` | egrep "ssl|crypto"
          	        libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007fc33c16c000)
          	        libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007fc33bcc1000)
           
           
          	ldd /usr/local/mariadb/{bin/*,lib64/*so} | egrep "ssl|crypto"
          		...
          		libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007fc99d507000)
          		libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007fc99d05c000)
          		...
           
          	ldd /usr/local/mariadb/{bin/*,lib64/*so} | egrep "ssl|crypto" | grep -v openssl11
          		(empty)
          

          +1 !

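The last check in the comment above (`ldd ... | egrep "ssl|crypto" | grep -v openssl11` printing nothing) can be turned into a pass/fail gate that also catches unresolved libraries and look-alike prefixes. The script below is an added example, not part of the original thread or of MariaDB; the function names, `libexample.so` and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ldd` output for libssl/libcrypto outside the intended prefix.

# audit_tls_libs PREFIX
#   stdin : output of `ldd file...`
#   stdout: one finding per offending dependency
#   status: 0 = all under PREFIX, 1 = stray/unresolved found, 2 = no TLS dependency seen
audit_tls_libs() {
    # "${1%/}/" forces a trailing slash so /usr/local/openssl11 does not
    # accept /usr/local/openssl111/...
    awk -v prefix="${1%/}/" '
        BEGIN { obj = "(single object)" }            # ldd prints no header for one file
        /^[^ \t].*:$/ { obj = $0; sub(/:$/, "", obj); next }   # per-file "path:" header
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen++
            if ($2 != "=>" || $3 == "not") {         # e.g. "libssl.so.1.1 => not found"
                printf "UNRESOLVED %s %s\n", obj, $1; bad++
            } else if (index($3, prefix) != 1) {     # resolved, but from another tree
                printf "STRAY %s %s %s\n", obj, $1, $3; bad++
            }
        }
        END {
            if (seen == 0) { print "NONE no libssl/libcrypto dependency seen"; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed sample input (not taken from the thread): one clean binary and one
# library that still pulls in a system OpenSSL 1.0 and has an unresolved libcrypto.
sample_ldd_output() {
    cat <<'EOF'
/usr/local/mariadb/bin/mysqld:
    libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1 (0x00007f0000001000)
    libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1 (0x00007f0000002000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000003000)
/usr/local/mariadb/lib64/libexample.so:
    libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f0000004000)
    libcrypto.so.1.1 => not found
EOF
}

# Real use:  ldd /usr/local/mariadb/bin/* | audit_tls_libs /usr/local/openssl11
```

Status 2 is kept separate from success because `ldd` shows only dynamic dependencies; a binary with OpenSSL linked statically, or with none at all, produces no matching lines.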

          People

            serg Sergei Golubchik