[MDEV-12811] Backport OpenSSL 1.1 support to MariaDB 10.1 Created: 2017-05-16  Updated: 2021-03-03  Resolved: 2021-03-03

Status: Closed
Project: MariaDB Server
Component/s: Compiling
Fix Version/s: N/A

Type: Task Priority: Major
Reporter: Jaime Crespo Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 1
Labels: None

Issue Links:
Duplicate
duplicates MDEV-13592 OpenSSL 1.1 support back-ported to Ma... Open
Relates
relates to MDEV-12996 install libssl1.0-dev on Sid builders Closed
relates to MDEV-18517 CMake SSL compilation error with Open... Closed

 Description   

MDEV-10332 added OpenSSL 1.1 support to 10.2. However, 10.2 is not GA, and most modern distros are likely to upgrade OpenSSL to 1.1 by default: (Debian, Fedora, Ubuntu) for security concerns, while being very conservative about database migration.

Please consider backporting support for openssl 1.1 to the current stable version. Right now, compiling the default mariadb version (stable) with the default (system) ssl library provided on those distributions produces an error.

 Comments   
Comment by Daniel Black [ 2017-05-16 ]

Facebook did a 5.6 patch that might be of use https://github.com/facebook/mysql-5.6/commit/4665eb0b1163706a4f5974526d17548e1642918c

Comment by Sergei Golubchik [ 2017-06-13 ]

OpenSSL 1.1 support was a rather big and intrusive patch. I'd rather let it stay in 10.2 for a few releases to see if we find any problems with it, before backporting.

Comment by Sergei Golubchik [ 2018-05-17 ]

I'd say openssl 1.1 support was in 10.2 long enough and it was fairly issue-free. We should, probably, backport it.

Comment by Sergei Golubchik [ 2018-07-22 ]

Downgrading from Critical to Major, see MDEV-13592

Comment by Bernard Spil [ 2018-10-20 ]

Yes, please backport.

FreeBSD is switching to OpenSSL 1.1.1 in the Base OS so MariaDB 10.1 will have to support this too.

Comment by Dani I [ 2019-02-14 ]

bump like Bernard wrote, it would be awesome to see this backported asap. Thanks!

Comment by Jaime Crespo [ 2019-02-14 ]

We are no longer interested on the backport. It seems that current MariaDB policy is to do only security support of older versions (which I do understand, but maybe it is a consequence of trying to support too many simultaneous major versions - but that is offtopic here), so it seems the only way to get some bugs corrected is to keep up with a recent release version (perform an upgrade every year).

Comment by Sergei Golubchik [ 2019-02-14 ]

jcrespo, this is not completely correct. Generally when we fix a bug, it's fixed in the earliest applicable version. Even 5.5 still gets non-security bug fixes.

We just didn't get around to fixing this particular issue, but as soon as I'm done with other, Critical, 10.1 bugs, I'll do it

Comment by Ian Gilfillan [ 2021-03-03 ]

10.1 is now EOL.

Generated at Thu Feb 08 08:00:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.