Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32368

Docker image crashes on launch with OpenSSL 3 FIPS activated

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.11.5, 11.1.2
    • 10.11
    • Docker
    • None
    • Official Docker image

    Description

      I've built a docker image based on the official MariaDB image, but with the OpenSSL FIPS provider (v3.0.0) built and configured for use (but no other changes). When I try to run this image, it crashes on launch after logging [Entrypoint]: Initializing database files. I've tried with both mariadb:11-jammy and mariadb:10-jammy with the same results. I've also tried doing a full build of OpenSSL 3.0.8 with its FIPS provider and configuring the system to use that OpenSSL, also with the same results.

      I assume based on the documentation here that MariaDB is intended to function correctly with OpenSSL 3 using the FIPS provider. I have confirmed using the ldd command on that page that the server is dynamically linking against the expected OpenSSL libraries.

      I've attached the output (both stdout and stderr) from running docker logs on the container (crashlog.txt) as well as the Dockerfile and openssl.cnf files used to build the container.

      For convenience, here are the full instructions to reproduce. First, put the attached Dockerfile and opensl.cnf in a directory. From that directory, build the image:

      docker build -t mariadb-fips .
      

      Then run the image:

      docker run --detach --name mariadb-fips --env MARIADB_USER=example-user --env MARIADB_PASSWORD=my_cool_secret --env MARIADB_ROOT_PASSWORD=my-secret-pw  mariadb-fips
      

      After a couple of seconds, observe that the container has stopped and check the logs:

      docker ps -a
      docker logs mariadb-fips
      

      Attachments

        1. crashlog.txt
          9 kB
          Cory McCarty
        2. Dockerfile
          0.6 kB
          Cory McCarty
        3. Dockerfile-1
          0.6 kB
          Cory McCarty
        4. openssl.cnf
          12 kB
          Cory McCarty
        5. openssl-1.cnf
          12 kB
          Cory McCarty

        Issue Links

          Activity

            People

              wlad Vladislav Vaintroub
              cory.mccarty Cory McCarty
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.