[#MDEV-27542] S3 binaries still link with OpenSSL 1.x or with both

[MDEV-27542] S3 binaries still link with OpenSSL 1.x or with both Created: 2022-01-18 Updated: 2022-01-19 Resolved: 2022-01-19
Status:	Closed
Project:	MariaDB Server
Component/s:	Compiling, SSL, Storage Engine - S3
Affects Version/s:	N/A
Fix Version/s:	N/A

Type:

Bug

Priority:

Minor

Reporter:

Elena Stepanova

Assignee:

Sergei Golubchik

Resolution:

Won't Fix

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MDEV-25785~~	Add support for OpenSSL 3.0	Closed

Description

S3-related binaries link with the old openssl even when cmake points at openssl-3 and the server builds with it. I'm not sure what will happen if the system doesn't have openssl-1 at all – whether they'll resort to openssl-3 or won't build at all.

Maybe it has something to do with them also linking with libk5crypto.so or libhcrypto.so, I can't figure what these are and how they relate to openssl-X version-wise or otherwise.

preview-10.8-MDEV-25785-openssl3.0 7cd965af9
lib/plugin/ha_s3.so
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f49e239c000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f49e20c6000)
libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f49e1950000)
libhcrypto.so.4 => /lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f49e15c4000)

bin/aria_s3_copy
libcrypto.so.3 => /home/jenkins/openssl3-inst/lib64/libcrypto.so.3 (0x00007f588487e000)
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f58841b0000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f5883eda000)
libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f588389e000)
libhcrypto.so.4 => /lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f5883510000)

Also some link only with libk5crypto.so:

lib/plugin/auth_gssapi.so

	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fb8695ab000)

lib/plugin/auth_gssapi_client.so

	libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fdce7394000)

Comments

Comment by Vladislav Vaintroub [ 2022-01-19 ]

auth_gssapi links with whatever krb5-config says it should link with (see plugin/auth_gssapi/cmake/FindGSSAPI.cmake)
libk5crypto.so.3 makes sense , because it is Kerberos5 cryptography library, and GSSAPI without Kerberos would not be very useful, exactly as Kerberos would not be very useful without cryptography.

In case of S3, a wild guess is that dependencies come by the way of CURL, linked together to dependency libmarias3

Comment by Sergei Golubchik [ 2022-01-19 ]

Right. If a plugin is linked with some library that is in turn linked with an older OpenSSL — there's nothing we can fix here.

As far as curl is concerned, it doesn't need OpenSSL as such, it can be built with GnuTLS, for example.

Generated at Thu Feb 08 09:53:42 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-27542] S3 binaries still link with OpenSSL 1.x or with both Created: 2022-01-18 Updated: 2022-01-19 Resolved: 2022-01-19