Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-27542

S3 binaries still link with OpenSSL 1.x or with both

Details

    Description

      S3-related binaries link with the old openssl even when cmake points at openssl-3 and the server builds with it. I'm not sure what will happen if the system doesn't have openssl-1 at all – whether they'll resort to openssl-3 or won't build at all.

      Maybe it has something to do with them also linking with libk5crypto.so or libhcrypto.so, I can't figure what these are and how they relate to openssl-X version-wise or otherwise.

      preview-10.8-MDEV-25785-openssl3.0 7cd965af9

      lib/plugin/ha_s3.so
      	libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f49e239c000)
      	libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f49e20c6000)
      	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f49e1950000)
      	libhcrypto.so.4 => /lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f49e15c4000)
       
      bin/aria_s3_copy
      	libcrypto.so.3 => /home/jenkins/openssl3-inst/lib64/libcrypto.so.3 (0x00007f588487e000)
      	libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f58841b0000)
      	libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f5883eda000)
      	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f588389e000)
      	libhcrypto.so.4 => /lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f5883510000)
      

      Also some link only with libk5crypto.so:

      lib/plugin/auth_gssapi.so
      	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fb8695ab000)
      lib/plugin/auth_gssapi_client.so
      	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fdce7394000)
      

      Attachments

        Issue Links

          Activity

            auth_gssapi links with whatever krb5-config says it should link with (see plugin/auth_gssapi/cmake/FindGSSAPI.cmake)
            libk5crypto.so.3 makes sense , because it is Kerberos5 cryptography library, and GSSAPI without Kerberos would not be very useful, exactly as Kerberos would not be very useful without cryptography.

            In case of S3, a wild guess is that dependencies come by the way of CURL, linked together to dependency libmarias3

            wlad Vladislav Vaintroub added a comment - auth_gssapi links with whatever krb5-config says it should link with (see plugin/auth_gssapi/cmake/FindGSSAPI.cmake) libk5crypto.so.3 makes sense , because it is Kerberos5 cryptography library, and GSSAPI without Kerberos would not be very useful, exactly as Kerberos would not be very useful without cryptography. In case of S3, a wild guess is that dependencies come by the way of CURL, linked together to dependency libmarias3

            Right. If a plugin is linked with some library that is in turn linked with an older OpenSSL — there's nothing we can fix here.

            As far as curl is concerned, it doesn't need OpenSSL as such, it can be built with GnuTLS, for example.

            serg Sergei Golubchik added a comment - Right. If a plugin is linked with some library that is in turn linked with an older OpenSSL — there's nothing we can fix here. As far as curl is concerned, it doesn't need OpenSSL as such, it can be built with GnuTLS, for example.

            People

              serg Sergei Golubchik
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.