Details
Description
Problem
The RHEL/CENTOS 7 rpm are not built with TLS support
[vagrant@node1-cb703-centos7 libcouchbase-3.3.0_centos7_x86_64]$ cbc-version
|
cbc:
|
Runtime: Version=3.3.0, Changeset=a82066f53bf10f0a6d14df96d5b3de0415ac1d55
|
Headers: Version=3.3.0, Changeset=a82066f53bf10f0a6d14df96d5b3de0415ac1d55
|
Build Timestamp: 2022-05-11 11:24:45
|
Default plugin directory: /usr/lib64/libcouchbase
|
IO: Default=libevent, Current=libevent, Accessible=libevent,libev,select
|
SSL: NOT SUPPORTED
|
Snappy: 1.1.8
|
Tracing: SUPPORTED
|
System: Linux-4.15.0-91-generic; x86_64
|
CC: GNU 4.8.5; -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fno-strict-aliasing -ggdb3 -pthread
|
CXX: GNU 4.8.5; -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fno-strict-aliasing -ggdb3 -pthread
|
Steps to reproduce
Install openssl11
sudo yum install epel-release
|
sudo yum install openssl11 openssl11-libs openssl11-devel
|
Install libcouchbase
curl -O https://packages.couchbase.com/clients/c/libcouchbase-3.3.0_centos7_x86_64.tar
|
tar xf libcouchbase-3.3.0_centos7_x86_64.tar
|
cd libcouchbase-3.3.0_centos7_x86_64
|
sudo yum install -y libcouchbase3{-tools,-libevent,}-3.3.0*.rpm libcouchbase-devel-*.rpm
|
Attachments
For Gerrit Dashboard: CCBC-1550 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
175091,5 | CCBC-1550: require openssl11 for centos7 | master | libcouchbase | Status: MERGED | +2 | +1 |
So as a fix, I updated dependency to openssl11-devel in rpmspec, and added extra code to CMakeLists.txt to locate openssl11 headers and libs on CentOS. Now, libcouchbase will only build version without SSL only if the user explicitly asks for it with LCB_NO_SSL flag to cmake. Otherwise it will fail if OpenSSL is not found.
The problem was appeared when I updated Jenkins pipeline for Amazon Linux 2 to use OpenSSL 1.1 (to support Capella). So libcouchbase-3.3.0 for amzn2 was built properly. But on CentOS 7 they moved the headers and libraries of OpenSSL 1.1 into extra prefix, so that CentOS 7 can install not just libraries for 1.0 and 1.1 simultaneous, but also the -devel packages (the headers). With "fallback to non-SSL build" behaviour of libcouchbase, it produced build that does not support OpenSSL.
Once patch will be reviewed and merged, I will create tag 3.3.1 and publish new libcouchbase binaries.