[oi-dev] OpenSSL update process

Sun Feb 7 13:17:06 UTC 2021

On Sun, Feb 7, 2021 at 1:21 PM Andreas Wacknitz <A.Wacknitz at gmx.de> wrote:

> Am 06.02.21 um 21:56 schrieb Aurélien Larcher:
>
>
> OpenSSL 1.1 is now merged:
>
> 1. The mediator is default set to 1.0 but can be safely set to 1.1.
> 2. illumos-gate is patched to accept library/security/openssl-11 as
> dependency so that it builds when the mediator version is 1.1.
> 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes
> which should be placed before shared-macros.mk is included.
> 4. If 'gmake update' is executed in a component depending on OpenSSL then
> the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set.
>
> Now the fun begins:
>
> 3. Move all the components supporting OpenSSL 1.1 or update them.
>> 4. Deprecate possible rotting components which cannot be updated and may
>> cause security issues.
>>
>
> and... the more, the merrier!
>
>
> Cheers
>
>
> _______________________________________________
> oi-dev mailing listoi-dev at openindiana.orghttps://openindiana.org/mailman/listinfo/oi-dev
>
> Hi,
>
> do we have a problem with missing engine files in the openssl-11 package?
>
> ╰─➤  cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc
> prefix=/usr/openssl/1.1
> exec_prefix=${prefix}
> libdir=${exec_prefix}/lib/
> includedir=${prefix}/include
> enginesdir=${libdir}/engines-1.1
>
> Name: OpenSSL-libcrypto
> Description: OpenSSL cryptography library
> Version: 1.1.1i
> Libs: -L${libdir} -lcrypto
> Libs.private: -lsocket -lnsl -ldl -pthread
> Cflags: -I${includedir}
>
> So, libcrypto.pc states that there shall be /usr/openssl/1.1/lib/engine
> files but there aren't any (same for 64-bit):
>
> ╭─andreas at skoll /usr/openssl/1.1/lib/pkgconfig
> ╰─➤  ls -l /usr/openssl/1.1/lib
> total 7445
> lrwxrwxrwx   1 root     root           1 Feb  6 11:17 32 -> ./
> lrwxrwxrwx   1 root     root           5 Feb  6 11:17 64 -> amd64/
> lrwxrwxrwx   1 root     root          12 Feb  6 11:17 CA.pl ->
> ../bin/CA.pl*
> drwxr-xr-x   3 root     sys            7 Feb  6 11:17 amd64/
> lrwxrwxrwx   1 root     root          16 Feb  6 11:17 libcrypto.so ->
> libcrypto.so.1.1*
> -r-xr-xr-x   1 root     bin      2947532 Feb  6 11:17 libcrypto.so.1.1*
> lrwxrwxrwx   1 root     root          13 Feb  6 11:17 libssl.so ->
> libssl.so.1.1*
> -r-xr-xr-x   1 root     bin       748144 Feb  6 11:17 libssl.so.1.1*
> drwxr-xr-x   2 root     sys            5 Feb  6 11:17 pkgconfig/
>
> "pkg contents openssl-11" doesn't show any engine files in the package.
>
>
> Maybe unrelated to this: At the moment I try to build remmina with
> openssl-1.1 but it fails to link:
>
> [100%] Linking C executable remmina
> Undefined            first referenced
>  symbol                  in file
> ERR_load_crypto_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ERR_free_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ld: fatal: symbol referencing errors. No output written to remmina
>

Could it be that libcrypto and libssl are linked in the wrong order or that
you need to repeat one of the libs in the list?

Unlike GNU ld our ld does not try to be smart and reorder the libs (in a
possibly disastrous way).

> Regards,
> Andreas
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev
>

-- 
---
Praise the Caffeine embeddings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20210207/f84e61ad/attachment.html>