-
Type:
Task
-
Status: Closed
-
Priority:
Major - P3
-
Resolution: Won't Fix
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Build
-
Labels:None
-
Epic Link:
-
Linked BF Score:0
In order to ship a mongod ssl build on SLES 11 with TLS 1.0 disabled by default, mongod needs to link against openssl 1.0.1 or later.
SLES 11 has an optional "Security Module in SUSE Linux Enterprise 11" that supports TLS 1.1, and TLS 1.2.
Example Build Commands:
zypper install openssl1
|
|
|
python2 buildscripts/scons.py --ssl CPPPATH=/tmp/openssl_101/usr/include LINKFLAGS="/usr/lib64/libssl.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0" mongod
|
In order to complete this work, SConstruct will have to change the default library link rules that it uses for libssl, and libcrypto. Currently, it specifies -lssl, and -lcrypto, but it needs to explicitly link against the ssl libraries with the "1.0.0" suffix instead of "libssl.so" or "libssl.so.0.9.8". The link must be explicit because we cannot install "libopenssl1-devel" and "libopenssl-devel" (this is currently installed) side-by-side.
References:
https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html
- depends on
-
-
- Closed
-