[CONC-451] libmariadb.so C Connector shared library has a dependency on versioned OpenSSL symbols Created: 2020-02-04  Updated: 2020-05-04

Status: Open
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.1.7
Fix Version/s: None

Type: Bug Priority: Major
Reporter: David Ritter Assignee: Georg Richter
Resolution: Unresolved Votes: 0
Labels: link, openssl
Environment:

Red Hat 7.6

Issue Links:
Blocks

 Description   

I am attempting to use the libmariadb.so shared library from the mariadb-connector-c-3.1.7-linux-x86_64 binary download link.

When linking against it using either the system OpenSSL 1.0.2 binaries or ones I built myself I see the following link error:

/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_error@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_peer_certificate@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CTX_load_verify_locations@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_ex_data@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_certificate_file@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_get_ex_data@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_write@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_clear@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_THREADID_set_numeric@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_set_cipher_list@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `ERR_get_error@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_ENTRY_get_data@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_CIPHER_get_name@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_use_PrivateKey@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_get_subject_name@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_get_id_callback@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_load_error_strings@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_version@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_STORE_set_flags@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `SSL_new@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `CRYPTO_set_locking_callback@OPENSSL_1.0.0'
 
/opt/mariadb-connector-c-3.1.7-linux-i686/lib/mariadb/libmariadb.so: undefined reference to `X509_NAME_get_index_by_NID@OPENSSL_1.0.0'
 
...

After doing some research I determined that the MariaDB C client has been built and linked on a system that has OpenSSL binaries that have version signed symbols.

https://mta.openssl.org/pipermail/openssl-users/2018-July/008301.html

Using these instructions I built new OpenSSL binaries that have the OPENSSL_1.0.0 version applied to all globally exported symbols. With this new set of binaries I am able to link against the MariaDB C Connector.

Vanilla builds of OpenSSL do not document using symbol versioning and as far as I can tell the Red Hat 7.x distributions we are using do not provide them either.

Is this by design or an accident. I think the generic Linux binaries should be linked against a more generic build of OpenSSL.

 Comments   
Comment by Sergei Golubchik [ 2020-02-05 ]

As workarounds you could use mariadb tarball from https://downloads.mariadb.org/mariadb/10.4.12/#os_group=linux_generic which includes Connector/C linked with GnuTLS.

Or you can install from https://downloads.mariadb.org/mariadb/repositories/#distro=RedHat&distro_release=rhel7-amd64--rhel7&version=10.4 and you'll get Connector/C in MariaDB-shared rpm built with OpenSSL specifically on and for RHEL 7

Comment by David Ritter [ 2020-02-05 ]

I agree that those are both reasonable workarounds however I still content the generic Linux binaries should be linked against a more generic build of OpenSSL that doesn't have an arbitrary symbol versioning scheme (I say arbitrary because I can find nothing on the OpenSSL website or build instructions that not the version OPENSSL_1.0.0 is an official tag)

Generated at Thu Feb 08 03:05:25 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.