Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-65898

csfle library: initialization fails with OpenSSL error on RHEL 7.6, SLES 12

XMLWordPrintableJSON

    • Fully Compatible
    • ALL
    • Hide

      https://gist.github.com/addaleax/c3bdcab028a42d1f32455a9436a1c298 (ran this on a suse12-small evg spawn host)

      Show
      https://gist.github.com/addaleax/c3bdcab028a42d1f32455a9436a1c298 (ran this on a suse12-small evg spawn host)
    • Security 2022-05-02, Security 2022-05-16
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Initializing the csfle shared library fails on RHEL 7.6, SLES 12, and possibly others.

      In a standalone binary that only loads the shared library, dlopen() fails with:

      symbol SSL_CTX_get0_certificate, version OPENSSL_1.0.0 not defined in file libssl.so.1.0.0 with link time reference

      In a Node.js process (where OpenSSL is statically linked in – tested with Node.js 14.19.1/OpenSSL 1.1.1n), lib_create() fails with:

      csfle lib_create() failed: Global initialization failed :: caused by :: Can not set supported cipher suites with config string "HIGH:!EXPORT:!aNULL@STRENGTH": error:08064066:object identifier routines:OBJ_create:oid exists [Error 2, code 140]

      This has some potential overlap with SERVER-63703 in that removing uses of OpenSSL inside the shared library seems like a good potential fix.

            Assignee:
            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:
              None
              None
              None
              None