Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-32731

Make SLES 11 build link against SLES 11 Security Module

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Won't Fix
    • None
    • None
    • Build
    • None
    • Security
    • 0

    Description

      In order to ship a mongod ssl build on SLES 11 with TLS 1.0 disabled by default, mongod needs to link against openssl 1.0.1 or later.

      SLES 11 has an optional "Security Module in SUSE Linux Enterprise 11" that supports TLS 1.1, and TLS 1.2.

      Example Build Commands:

      zypper install openssl1
      		 
       
      		 
      python2 buildscripts/scons.py --ssl CPPPATH=/tmp/openssl_101/usr/include  LINKFLAGS="/usr/lib64/libssl.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0"  mongod

      In order to complete this work, SConstruct will have to change the default library link rules that it uses for libssl, and libcrypto. Currently, it specifies -lssl, and -lcrypto, but it needs to explicitly link against the ssl libraries with the "1.0.0" suffix instead of "libssl.so" or "libssl.so.0.9.8". The link must be explicit because we cannot install "libopenssl1-devel" and "libopenssl-devel" (this is currently installed) side-by-side.

      References:
      https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html

      Attachments

        Issue Links

          depends on

          Task - A task that needs to be done. SERVER-32923 Platform Support: remove SLES11 builds

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              backlog-server-security Backlog - Security Team
              mark.benvenuto@mongodb.com Mark Benvenuto
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: