[CDRIVER-3541] SSL_OP_NO_RENEGOTIATION undefined in mongoc-openssl.c Created: 16/Feb/20  Updated: 28/Oct/23  Resolved: 24/Feb/20

Status: Closed
Project: C Driver
Component/s: libmongoc
Affects Version/s: 1.16.0
Fix Version/s: 1.16.2

Type: Bug Priority: Major - P3
Reporter: Michele Locati Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Docker image php:7.4-cli-alpine3.11


Issue Links:
Depends
is depended on by PHPC-1559 Fix libmongoc compilation issue in al... Closed
Related
related to CDRIVER-3544 Test ENABLE_SSL=AUTO and LibreSSL Closed

 Description   

I'm trying to install the mongodb PHP extension (which uses libmongoc @ 7e80159).

I install these Alpine packages with apk add:

libgcc libstdc++ icu-libs libressl3.0-libcrypto libressl3.0-libssl libressl3.0-libtls db libsasl snappy m4 libbz2 perl autoconf pkgconf cyrus-sasl-dev dpkg dpkg-dev libmagic file binutils gmp isl libgomp libatomic mpfr4 mpc1 gcc musl-dev libc-dev g++ icu icu-dev libressl-dev make re2c snappy-dev zlib-dev

 

The compilation fails with this error:

 

/bin/sh /tmp/pear/temp/pear-build-defaultuserHBNFPP/mongodb-1.7.2/libtool --mode=compile cc -DBSON_COMPILATION -DMONGOC_COMPILATION -Isrc/libmongoc/src/libmongoc/src/mongoc/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/ -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-defaultuserHBNFPP/mongodb-1.7.2/include -I/tmp/pear/temp/pear-build-defaultuserHBNFPP/mongodb-1.7.2/main -I/tmp/pear/temp/mongodb -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/tmp/pear/temp/mongodb/src/libmongoc/src/common/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libbson/src/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libbson/src/jsonsl/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/ -I/tmp/pear/temp/mongodb/src/libmongocrypt/src/ -I/tmp/pear/temp/mongodb/src/libmongocrypt/kms-message/src/ -I/tmp/pear/temp/mongodb/src/libmongocrypt-compat/ -I/tmp/pear/temp/mongodb/src/BSON/ -I/tmp/pear/temp/mongodb/src/MongoDB/ -I/tmp/pear/temp/mongodb/src/MongoDB/Exception/ -I/tmp/pear/temp/mongodb/src/MongoDB/Monitoring/ -I/tmp/pear/temp/mongodb/src/contrib/ -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.c -o src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.lo cc -DBSON_COMPILATION -DMONGOC_COMPILATION -Isrc/libmongoc/src/libmongoc/src/mongoc/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/ -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-defaultuserHBNFPP/mongodb-1.7.2/include -I/tmp/pear/temp/pear-build-defaultuserHBNFPP/mongodb-1.7.2/main -I/tmp/pear/temp/mongodb -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/tmp/pear/temp/mongodb/src/libmongoc/src/common/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libbson/src/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libbson/src/jsonsl/ -I/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/ -I/tmp/pear/temp/mongodb/src/libmongocrypt/src/ -I/tmp/pear/temp/mongodb/src/libmongocrypt/kms-message/src/ -I/tmp/pear/temp/mongodb/src/libmongocrypt-compat/ -I/tmp/pear/temp/mongodb/src/BSON/ -I/tmp/pear/temp/mongodb/src/MongoDB/ -I/tmp/pear/temp/mongodb/src/MongoDB/Exception/ -I/tmp/pear/temp/mongodb/src/MongoDB/Monitoring/ -I/tmp/pear/temp/mongodb/src/contrib/ -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.c -fPIC -DPIC -o src/libmongoc/src/libmongoc/src/mongoc/.libs/mongoc-openssl.o
/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.c: In function '_mongoc_openssl_ctx_new':
/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.c:498:23: error: 'SSL_OP_NO_RENEGOTIATION' undeclared (first use in this function); did you mean 'SSL_R_NO_RENEGOTIATION'?
498 | ssl_ctx_options |= SSL_OP_NO_RENEGOTIATION;

^~~~~~~~~~~~~~~~~~~~~~~
SSL_R_NO_RENEGOTIATION
/tmp/pear/temp/mongodb/src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.c:498:23: note: each undeclared identifier is reported only once for each function it appears in make: *** [Makefile:443: src/libmongoc/src/libmongoc/src/mongoc/mongoc-openssl.lo] Error 1
ERROR: `make' failed

 

maybe adding an #ifdef SSL_OP_NO_RENEGOTIATION in addition to #if OPENSSL_VERSION_NUMBER >= 0x10101000L should sove this issue



 Comments   
Comment by Michele Locati [ 25/Feb/20 ]

Yep, everything seems to work just fine now (see https://github.com/mlocati/docker-php-extension-installer/pull/123), thanks!

Comment by Andreas Braun [ 25/Feb/20 ]

mlocati@gmail.com: Version 1.7.3 of the PHP extension was just released and pushed to PECL. Please let us know if there are any remaining issues. Thanks!

Comment by Kevin Albertson [ 24/Feb/20 ]

mlocati@gmail.com the C driver 1.16.2 should be released today, and the corresponding PHP extension release this week.

Comment by Githook User [ 21/Feb/20 ]

Author:

{'username': 'kevinAlbs', 'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com'}

Message: CDRIVER-3541 fix SSL renegotiation check
Branch: r1.16
https://github.com/mongodb/mongo-c-driver/commit/8e3dee49f0b44c664563aeea999f24f6a3f4620a

Comment by Githook User [ 20/Feb/20 ]

Author:

{'name': 'Kevin Albertson', 'username': 'kevinAlbs', 'email': 'kevin.albertson@mongodb.com'}

Message: CDRIVER-3541 fix SSL renegotiation check
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/6f0822714119a07402a9f91d199526a183ca664b

Comment by Michele Locati [ 20/Feb/20 ]

I'm the mailnainer of a widely used script to install extensions in PHP Docker images (reference), and moving from LibreSSL to OpenSSL would cause some clashes with other system packages.
At the moment I locked the version to 1.6.0 which doesn't suffer from this issue (reference).

Any ETA for a new version of the mongodb PHP extension with a patch for this issue?

Comment by Kevin Albertson [ 18/Feb/20 ]

Hi mlocati@gmail.com, thanks for the report! This is due to a change introduced in 1.16.0, and will be fixed in 1.16.2. Your suggested change seems to be the right fix. This is currently an issue with building against LibreSSL when libmongoc is configured to automatically detect the SSL library available (which in this case will be the libssl/libcrypto provided by LibreSSL). If building with OpenSSL is an option, that may be a viable workaround for the time being.

Best,
Kevin

Generated at Wed Feb 07 21:18:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.