Uploaded image for project: 'Couchbase C client library libcouchbase'
  1. Couchbase C client library libcouchbase
  2. CCBC-1550

RHEL/CENTOS 7 libcouchbase 3.3.0 is not built with openssl support

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.3.0
    • 3.3.1
    • library
    • None
    • 1
    • SDK20: Pathfinding + Wrappers

    Description

      Problem
      The RHEL/CENTOS 7 rpm are not built with TLS support

      [vagrant@node1-cb703-centos7 libcouchbase-3.3.0_centos7_x86_64]$ cbc-version
      		 
      cbc:
      		 
        Runtime: Version=3.3.0, Changeset=a82066f53bf10f0a6d14df96d5b3de0415ac1d55
      		 
        Headers: Version=3.3.0, Changeset=a82066f53bf10f0a6d14df96d5b3de0415ac1d55
      		 
        Build Timestamp: 2022-05-11 11:24:45
      		 
        Default plugin directory: /usr/lib64/libcouchbase
      		 
        IO: Default=libevent, Current=libevent, Accessible=libevent,libev,select
      		 
        SSL: NOT SUPPORTED
      		 
        Snappy: 1.1.8
      		 
        Tracing: SUPPORTED
      		 
        System: Linux-4.15.0-91-generic; x86_64
      		 
        CC: GNU 4.8.5; -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -fno-strict-aliasing -ggdb3 -pthread
      		 
        CXX: GNU 4.8.5; -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -fno-strict-aliasing -ggdb3 -pthread

      Steps to reproduce

      Install openssl11

      sudo yum install epel-release
      		 
      sudo yum install openssl11 openssl11-libs openssl11-devel

      Install libcouchbase

      curl -O https://packages.couchbase.com/clients/c/libcouchbase-3.3.0_centos7_x86_64.tar
      		 
      tar xf libcouchbase-3.3.0_centos7_x86_64.tar
      		 
      cd libcouchbase-3.3.0_centos7_x86_64
      		 
      sudo yum install -y libcouchbase3{-tools,-libevent,}-3.3.0*.rpm libcouchbase-devel-*.rpm

      Attachments

        For Gerrit Dashboard: CCBC-1550
        # Subject Branch Project Status CR V
        175091,5 CCBC-1550: require openssl11 for centos7 master libcouchbase Status: MERGED +2 +1

        Activity

          Ascending order - Click to sort in descending order
          avsej Sergey Avseyev added a comment -

          So as a fix, I updated dependency to openssl11-devel in rpmspec, and added extra code to CMakeLists.txt to locate openssl11 headers and libs on CentOS. Now, libcouchbase will only build version without SSL only if the user explicitly asks for it with LCB_NO_SSL flag to cmake. Otherwise it will fail if OpenSSL is not found.

          The problem was appeared when I updated Jenkins pipeline for Amazon Linux 2 to use OpenSSL 1.1 (to support Capella). So libcouchbase-3.3.0 for amzn2 was built properly. But on CentOS 7 they moved the headers and libraries of OpenSSL 1.1 into extra prefix, so that CentOS 7 can install not just libraries for 1.0 and 1.1 simultaneous, but also the -devel packages (the headers). With "fallback to non-SSL build" behaviour of libcouchbase, it produced build that does not support OpenSSL.

          Once patch will be reviewed and merged, I will create tag 3.3.1 and publish new libcouchbase binaries.

          avsej Sergey Avseyev added a comment - So as a fix, I updated dependency to openssl11-devel in rpmspec, and added extra code to CMakeLists.txt to locate openssl11 headers and libs on CentOS. Now, libcouchbase will only build version without SSL only if the user explicitly asks for it with LCB_NO_SSL flag to cmake. Otherwise it will fail if OpenSSL is not found. The problem was appeared when I updated Jenkins pipeline for Amazon Linux 2 to use OpenSSL 1.1 (to support Capella). So libcouchbase-3.3.0 for amzn2 was built properly. But on CentOS 7 they moved the headers and libraries of OpenSSL 1.1 into extra prefix, so that CentOS 7 can install not just libraries for 1.0 and 1.1 simultaneous, but also the -devel packages (the headers). With "fallback to non-SSL build" behaviour of libcouchbase, it produced build that does not support OpenSSL. Once patch will be reviewed and merged, I will create tag 3.3.1 and publish new libcouchbase binaries.
          avsej Sergey Avseyev added a comment -

          Marking the ticket as resolved, as no work is going on apart from review

          avsej Sergey Avseyev added a comment - Marking the ticket as resolved, as no work is going on apart from review

          People

            avsej Sergey Avseyev
            pvarley Patrick Varley
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty