[SERVER-26781] Add support for building with openssl 1.1.0 Created: 26/Oct/16  Updated: 04/May/17  Resolved: 08/Feb/17

Status: Closed
Project: Core Server
Component/s: Build, Security
Affects Version/s: 3.2.10, 3.4.0-rc1
Fix Version/s: 3.2.14, 3.4.5, 3.5.3

Type: Improvement Priority: Major - P3
Reporter: Marek Skalický Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: pull-request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File openssl-1.1.0.patch     File openssl-1.1.0.patch    
Issue Links:
Backports
Backwards Compatibility: Fully Compatible
Backport Requested:
v3.4, v3.2
Sprint: Platforms 2017-03-27
Participants:

 Description   

Building of OpenSSL 1.1.0 fails.

rc/mongo/crypto/crypto_openssl.cpp:48:16: error: aggregate 'EVP_MD_CTX digestCtx' has incomplete type and cannot be defined
     EVP_MD_CTX digestCtx;
                ^~~~~~~~~
src/mongo/crypto/crypto_openssl.cpp:50:19: error: 'EVP_MD_CTX_cleanup' was not declared in this scope
     ON_BLOCK_EXIT(EVP_MD_CTX_cleanup, &digestCtx);
                   ^~~~~~~~~~~~~~~~~~
scons: *** [build/opt/mongo/crypto/crypto_openssl.o] Error 1

(example full log https://kojipkgs.fedoraproject.org//work/tasks/4184/16104184/build.log)

Also asio have to be updated to latest master to support openssl 1.1.0.

Patch for fixing openssl issues in mongodb attached. (does not include asio update)

Should I create github pull request? (it is not problem for me, but I don't know what is your workflow)



 Comments   
Comment by Githook User [ 04/May/17 ]

Author:

{u'username': u'omron93', u'name': u'Marek Skalick\xfd', u'email': u'mskalick@redhat.com'}

Message: SERVER-26781 Building with openssl 1.1.0

Closes #1133

Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com>
(cherry picked from commit f257e51df267110a14b489fbfbfbe07896096ad1)
Branch: v3.2
https://github.com/mongodb/mongo/commit/7e18d1b41a25d20b90d534515d317b5266741b0d

Comment by Githook User [ 04/May/17 ]

Author:

{u'username': u'omron93', u'name': u'Marek Skalick\xfd', u'email': u'mskalick@redhat.com'}

Message: SERVER-26781 Building with openssl 1.1.0

Closes #1133

Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com>
(cherry picked from commit f257e51df267110a14b489fbfbfbe07896096ad1)
Branch: v3.4
https://github.com/mongodb/mongo/commit/62ecb7bc5294461244bc07995ac6d113d582bc84

Comment by Githook User [ 08/Feb/17 ]

Author:

{u'username': u'omron93', u'name': u'Marek Skalick\xfd', u'email': u'mskalick@redhat.com'}

Message: SERVER-26781 Building with openssl 1.1.0

Closes #1133

Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/f257e51df267110a14b489fbfbfbe07896096ad1

Comment by Marek Skalický [ 11/Jan/17 ]

Github PR created - https://github.com/mongodb/mongo/pull/1133

To note: Bundled version of asio library does not support openssl 1.1 (latest github asio version supports it already), so asio should be also updated too.

Comment by Spencer Jackson [ 10/Jan/17 ]

Hi mskalick, sorry for the delay. Thank you very much for your patch! I’ve taken a look at it, and it looks good overall, but I see some revisions that need to be made. I'd like to review it with you on Github. Could you please submit a pull request with it to our repository? Before opening it up, make sure your commit message begins with "SERVER-26781 ". Cheers!

Comment by Marek Skalický [ 10/Jan/17 ]

Any progress with this?

Comment by Marek Skalický [ 10/Jan/17 ]

Adding new version of this patch - this patch i working
(previous has bad working with memory - I am shamed)

Comment by Andreas Nilsson [ 26/Oct/16 ]

Thanks for your report mskalick. We will have a look at your patch to verify.

Do you know why OpenSSL choose to remove support for declaring EVP_MD_CTX's directly?

Generated at Thu Feb 08 04:13:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.