Uploaded image for project: 'Couchbase C client library libcouchbase'
  1. Couchbase C client library libcouchbase
  2. CCBC-1550

RHEL/CENTOS 7 libcouchbase 3.3.0 is not built with openssl support

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.3.0
    • 3.3.1
    • library
    • None
    • 1
    • SDK20: Pathfinding + Wrappers

    Description

      Problem
      The RHEL/CENTOS 7 rpm are not built with TLS support

      [vagrant@node1-cb703-centos7 libcouchbase-3.3.0_centos7_x86_64]$ cbc-version
      cbc:
        Runtime: Version=3.3.0, Changeset=a82066f53bf10f0a6d14df96d5b3de0415ac1d55
        Headers: Version=3.3.0, Changeset=a82066f53bf10f0a6d14df96d5b3de0415ac1d55
        Build Timestamp: 2022-05-11 11:24:45
        Default plugin directory: /usr/lib64/libcouchbase
        IO: Default=libevent, Current=libevent, Accessible=libevent,libev,select
        SSL: NOT SUPPORTED
        Snappy: 1.1.8
        Tracing: SUPPORTED
        System: Linux-4.15.0-91-generic; x86_64
        CC: GNU 4.8.5; -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -fno-strict-aliasing -ggdb3 -pthread
        CXX: GNU 4.8.5; -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -fno-strict-aliasing -ggdb3 -pthread
      

      Steps to reproduce

      Install openssl11

      sudo yum install epel-release
      sudo yum install openssl11 openssl11-libs openssl11-devel
      

      Install libcouchbase

      curl -O https://packages.couchbase.com/clients/c/libcouchbase-3.3.0_centos7_x86_64.tar
      tar xf libcouchbase-3.3.0_centos7_x86_64.tar
      cd libcouchbase-3.3.0_centos7_x86_64
      sudo yum install -y libcouchbase3{-tools,-libevent,}-3.3.0*.rpm libcouchbase-devel-*.rpm
      

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          So as a fix, I updated dependency to openssl11-devel in rpmspec, and added extra code to CMakeLists.txt to locate openssl11 headers and libs on CentOS. Now, libcouchbase will only build version without SSL only if the user explicitly asks for it with LCB_NO_SSL flag to cmake. Otherwise it will fail if OpenSSL is not found.

          The problem was appeared when I updated Jenkins pipeline for Amazon Linux 2 to use OpenSSL 1.1 (to support Capella). So libcouchbase-3.3.0 for amzn2 was built properly. But on CentOS 7 they moved the headers and libraries of OpenSSL 1.1 into extra prefix, so that CentOS 7 can install not just libraries for 1.0 and 1.1 simultaneous, but also the -devel packages (the headers). With "fallback to non-SSL build" behaviour of libcouchbase, it produced build that does not support OpenSSL.

          Once patch will be reviewed and merged, I will create tag 3.3.1 and publish new libcouchbase binaries.

          avsej Sergey Avseyev added a comment - So as a fix, I updated dependency to openssl11-devel in rpmspec, and added extra code to CMakeLists.txt to locate openssl11 headers and libs on CentOS. Now, libcouchbase will only build version without SSL only if the user explicitly asks for it with LCB_NO_SSL flag to cmake. Otherwise it will fail if OpenSSL is not found. The problem was appeared when I updated Jenkins pipeline for Amazon Linux 2 to use OpenSSL 1.1 (to support Capella). So libcouchbase-3.3.0 for amzn2 was built properly. But on CentOS 7 they moved the headers and libraries of OpenSSL 1.1 into extra prefix, so that CentOS 7 can install not just libraries for 1.0 and 1.1 simultaneous, but also the -devel packages (the headers). With "fallback to non-SSL build" behaviour of libcouchbase, it produced build that does not support OpenSSL. Once patch will be reviewed and merged, I will create tag 3.3.1 and publish new libcouchbase binaries.

          Marking the ticket as resolved, as no work is going on apart from review

          avsej Sergey Avseyev added a comment - Marking the ticket as resolved, as no work is going on apart from review

          People

            avsej Sergey Avseyev
            pvarley Patrick Varley
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty