[oi-dev] OpenSSL update process
Andreas Wacknitz
A.Wacknitz at gmx.de
Sun Feb 7 16:00:47 UTC 2021
Am 07.02.21 um 14:17 schrieb Aurélien Larcher:
>
>
> On Sun, Feb 7, 2021 at 1:21 PM Andreas Wacknitz <A.Wacknitz at gmx.de
> <mailto:A.Wacknitz at gmx.de>> wrote:
>
> Am 06.02.21 um 21:56 schrieb Aurélien Larcher:
>>
>> OpenSSL 1.1 is now merged:
>>
>> 1. The mediator is default set to 1.0 but can be safely set to 1.1.
>> 2. illumos-gate is patched to accept library/security/openssl-11
>> as dependency so that it builds when the mediator version is 1.1.
>> 3. oi-userland has now a switch USE_OPENSSL10=yes or
>> USE_OPENSSL11=yes which should be placed before shared-macros.mk
>> <http://shared-macros.mk> is included.
>> 4. If 'gmake update' is executed in a component depending on
>> OpenSSL then the switch is made to OpenSSL 1.1 unless
>> USE_OPENSSL10=yes is set.
>>
>> Now the fun begins:
>>
>> 3. Move all the components supporting OpenSSL 1.1 or update
>> them.
>> 4. Deprecate possible rotting components which cannot be
>> updated and may cause security issues.
>>
>>
>> and... the more, the merrier!
>>
>>
>> Cheers
>>
>>
>> _______________________________________________
>> oi-dev mailing list
>> oi-dev at openindiana.org <mailto:oi-dev at openindiana.org>
>> https://openindiana.org/mailman/listinfo/oi-dev <https://openindiana.org/mailman/listinfo/oi-dev>
> Hi,
>
> do we have a problem with missing engine files in the openssl-11
> package?
>
> ╰─➤ cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc
> prefix=/usr/openssl/1.1
> exec_prefix=${prefix}
> libdir=${exec_prefix}/lib/
> includedir=${prefix}/include
> enginesdir=${libdir}/engines-1.1
>
> Name: OpenSSL-libcrypto
> Description: OpenSSL cryptography library
> Version: 1.1.1i
> Libs: -L${libdir} -lcrypto
> Libs.private: -lsocket -lnsl -ldl -pthread
> Cflags: -I${includedir}
>
> So, libcrypto.pc states that there shall be
> /usr/openssl/1.1/lib/engine files but there aren't any (same for
> 64-bit):
>
> ╭─andreas at skoll /usr/openssl/1.1/lib/pkgconfig
> ╰─➤ ls -l /usr/openssl/1.1/lib
> total 7445
> lrwxrwxrwx 1 root root 1 Feb 6 11:17 32 -> ./
> lrwxrwxrwx 1 root root 5 Feb 6 11:17 64 -> amd64/
> lrwxrwxrwx 1 root root 12 Feb 6 11:17 CA.pl ->
> ../bin/CA.pl*
> drwxr-xr-x 3 root sys 7 Feb 6 11:17 amd64/
> lrwxrwxrwx 1 root root 16 Feb 6 11:17 libcrypto.so
> -> libcrypto.so.1.1*
> -r-xr-xr-x 1 root bin 2947532 Feb 6 11:17
> libcrypto.so.1.1*
> lrwxrwxrwx 1 root root 13 Feb 6 11:17 libssl.so ->
> libssl.so.1.1*
> -r-xr-xr-x 1 root bin 748144 Feb 6 11:17 libssl.so.1.1*
> drwxr-xr-x 2 root sys 5 Feb 6 11:17 pkgconfig/
>
> "pkg contents openssl-11" doesn't show any engine files in the
> package.
>
>
> Maybe unrelated to this: At the moment I try to build remmina with
> openssl-1.1 but it fails to link:
>
> [100%] Linking C executable remmina
> Undefined first referenced
> symbol in file
> ERR_load_crypto_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ERR_free_strings CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ld: fatal: symbol referencing errors. No output written to remmina
>
>
> Could it be that libcrypto and libssl are linked in the wrong order or
> that you need to repeat one of the libs in the list?
I don't seem to have control over it. At least not obviously. I have to
investigate further.
>
> Unlike GNU ld our ld does not try to be smart and reorder the libs (in
> a possibly disastrous way).
I have heard of it before but wasn't thinking of that.
Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20210207/2d20f030/attachment-0001.html>
More information about the oi-dev
mailing list