[MDEV-27542] S3 binaries still link with OpenSSL 1.x or with both - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Won't Fix
Affects Version/s: N/A
Fix Version/s: N/A
Component/s: Compiling, SSL, Storage Engine - S3
Labels:
None

Description

S3-related binaries link with the old openssl even when cmake points at openssl-3 and the server builds with it. I'm not sure what will happen if the system doesn't have openssl-1 at all – whether they'll resort to openssl-3 or won't build at all.

Maybe it has something to do with them also linking with libk5crypto.so or libhcrypto.so, I can't figure what these are and how they relate to openssl-X version-wise or otherwise.

preview-10.8-MDEV-25785-openssl3.0 7cd965af9
lib/plugin/ha_s3.so
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f49e239c000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f49e20c6000)
libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f49e1950000)
libhcrypto.so.4 => /lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f49e15c4000)

bin/aria_s3_copy
libcrypto.so.3 => /home/jenkins/openssl3-inst/lib64/libcrypto.so.3 (0x00007f588487e000)
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f58841b0000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f5883eda000)
libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f588389e000)
libhcrypto.so.4 => /lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f5883510000)

Also some link only with libk5crypto.so:

lib/plugin/auth_gssapi.so

	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fb8695ab000)

lib/plugin/auth_gssapi_client.so

	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fdce7394000)

Attachments

Issue Links

relates to

MDEV-25785 Add support for OpenSSL 3.0

Closed

Activity

Ascending order - Click to sort in descending order

Vladislav Vaintroub added a comment - 2022-01-19 18:50

auth_gssapi links with whatever krb5-config says it should link with (see plugin/auth_gssapi/cmake/FindGSSAPI.cmake)
libk5crypto.so.3 makes sense , because it is Kerberos5 cryptography library, and GSSAPI without Kerberos would not be very useful, exactly as Kerberos would not be very useful without cryptography.

In case of S3, a wild guess is that dependencies come by the way of CURL, linked together to dependency libmarias3

Vladislav Vaintroub added a comment - 2022-01-19 18:50 auth_gssapi links with whatever krb5-config says it should link with (see plugin/auth_gssapi/cmake/FindGSSAPI.cmake) libk5crypto.so.3 makes sense , because it is Kerberos5 cryptography library, and GSSAPI without Kerberos would not be very useful, exactly as Kerberos would not be very useful without cryptography. In case of S3, a wild guess is that dependencies come by the way of CURL, linked together to dependency libmarias3

Sergei Golubchik added a comment - 2022-01-19 19:20

Right. If a plugin is linked with some library that is in turn linked with an older OpenSSL — there's nothing we can fix here.

As far as curl is concerned, it doesn't need OpenSSL as such, it can be built with GnuTLS, for example.

Sergei Golubchik added a comment - 2022-01-19 19:20 Right. If a plugin is linked with some library that is in turn linked with an older OpenSSL — there's nothing we can fix here. As far as curl is concerned, it doesn't need OpenSSL as such, it can be built with GnuTLS, for example.

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-01-18 20:13

Updated:: 2022-01-19 19:20

Resolved:: 2022-01-19 19:20

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server