[SERVER-32731] Make SLES 11 build link against SLES 11 Security Module Created: 17/Jan/18  Updated: 06/Dec/22  Resolved: 02/Mar/18

Status: Closed
Project: Core Server
Component/s: Build
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Backlog - Security Team
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-32923 Platform Support: remove SLES11 builds Closed
Related
Assigned Teams:
Server Security
Participants:
Linked BF Score: 0

 Description   

In order to ship a mongod ssl build on SLES 11 with TLS 1.0 disabled by default, mongod needs to link against openssl 1.0.1 or later.

SLES 11 has an optional "Security Module in SUSE Linux Enterprise 11" that supports TLS 1.1, and TLS 1.2.

Example Build Commands:

zypper install openssl1
 
python2 buildscripts/scons.py --ssl CPPPATH=/tmp/openssl_101/usr/include  LINKFLAGS="/usr/lib64/libssl.so.1.0.0 /usr/lib64/libcrypto.so.1.0.0"  mongod

In order to complete this work, SConstruct will have to change the default library link rules that it uses for libssl, and libcrypto. Currently, it specifies -lssl, and -lcrypto, but it needs to explicitly link against the ssl libraries with the "1.0.0" suffix instead of "libssl.so" or "libssl.so.0.9.8". The link must be explicit because we cannot install "libopenssl1-devel" and "libopenssl-devel" (this is currently installed) side-by-side.

References:
https://www.suse.com/documentation/suse-best-practices/singlehtml/securitymodule/securitymodule.html



 Comments   
Comment by Mark Benvenuto [ 02/Mar/18 ]

SLES 11 has been dropped from 4.0 so no need to support the security module.

Generated at Thu Feb 08 04:31:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.