[MDEV-20329] S3 engine can crash when libcurl is compiled with OpenSSL < 1.1 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4.7
Fix Version/s: 10.5.3
Component/s: Storage Engine - S3
Labels:
None

Description

libMariaS3 uses libcurl underneath. This in-turn uses an SSL library which most commonly is OpenSSL. Certain versions of Linux compile it with OpenSSL 1.0.2 which has a potential race condition in it.

To resolve this the curl creators recommend adding locking callbacks to OpenSSL. Of course this requires us to know what SSL library Curl was compiled with. Which means once there is a code fix to libMariaS3 there will also need to be a subsequent fix in the S3 engine's build system.

Attachments

Activity

People

Assignee:: Robert Bindar

Reporter:: Andrew Hutchings (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-08-12 13:50

Updated:: 2020-03-27 11:05

Resolved:: 2020-03-27 11:05

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.