[MDEV-20329] S3 engine can crash when libcurl is compiled with OpenSSL < 1.1 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4.7
Fix Version/s: 10.5.3
Component/s: Storage Engine - S3
Labels:
None

Description

libMariaS3 uses libcurl underneath. This in-turn uses an SSL library which most commonly is OpenSSL. Certain versions of Linux compile it with OpenSSL 1.0.2 which has a potential race condition in it.

To resolve this the curl creators recommend adding locking callbacks to OpenSSL. Of course this requires us to know what SSL library Curl was compiled with. Which means once there is a code fix to libMariaS3 there will also need to be a subsequent fix in the S3 engine's build system.

Attachments

Activity

Transition	Time In Source Status	Execution Times

Julien Fritsch made transition - 2019-11-04 13:25

Open

In Progress

83d 23h 35m

Julien Fritsch made transition - 2019-11-04 13:26

In Progress

In Review

1m 9s

Robert Bindar made transition - 2020-03-27 11:05

In Review

Closed

143d 21h 38m

People

Assignee:: Robert Bindar

Reporter:: Andrew Hutchings (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-08-12 13:50

Updated:: 2020-03-27 11:05

Resolved:: 2020-03-27 11:05

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server