[SERVER-9031] Support for libssl 0.9.8k without FIPS_mode_set Created: 20/Mar/13  Updated: 11/Jul/16  Resolved: 29/Aug/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.4.0, 2.5.0
Fix Version/s: 2.5.3

Type: Question Priority: Major - P3
Reporter: Ernie Hershey Assignee: Eric Milkie
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Ubuntu 10.04, OSX 10.8.3


Issue Links:
Duplicate
is duplicated by SERVER-10411 compile failed on V2.4 Linux 64-bit S... Closed
Related
is related to SERVER-8583 Enable dynamic loading of extensions ... Backlog
Participants:

 Description   

This is the error trying to compile now in Ubuntu 10.04:

g++ -o build/linux2/release/ssl/mongo/util/net/ssl_manager.o -c -Wnon-virtual-dtor -Woverloaded-virtual -fPIC -fno-strict-aliasing -ggdb -pthread -Wno-unknown-pragmas -Winvalid-pch -pipe -fno-builtin-memcmp -O3 -DBOOST_ALL_NO_LIB -D_SCONS -DMONGO_EXPOSE_MACROS -DSUPPORT_UTF8 -D_FILE_OFFSET_BITS=64 -DMONGO_SSL -DMONGO_HAVE_HEADER_UNISTD_H -DMONGO_HAVE_EXECINFO_BACKTRACE -DNETSNMP_NO_INLINE -Ibuild/linux2/release/ssl/third_party/libstemmer_c/include -Isrc/third_party/libstemmer_c/include -Ibuild/linux2/release/ssl/third_party/s2 -Isrc/third_party/s2 -Ibuild/linux2/release/ssl/third_party/boost -Isrc/third_party/boost -Ibuild/linux2/release/ssl/third_party/pcre-8.30 -Isrc/third_party/pcre-8.30 -Ibuild/linux2/release/ssl -Isrc -Ibuild/linux2/release/ssl/mongo -Isrc/mongo -Ibuild/linux2/release/ssl/third_party/s2 -Isrc/third_party/s2 -Ibuild/linux2/release/ssl/third_party/snappy -Isrc/third_party/snappy -Ibuild/linux2/release/ssl/third_party/v8/include -Isrc/third_party/v8/include src/mongo/util/net/ssl_manager.cpp
src/mongo/util/net/ssl_manager.cpp: In member function 'void mongo::SSLManager::_setupFIPS()':
src/mongo/util/net/ssl_manager.cpp:187: error: 'FIPS_mode_set' was not declared in this scope
scons: *** [build/linux2/release/ssl/mongo/util/net/ssl_manager.o] Error 1
scons: building terminated because of errors.
program finished with exit code 2
elapsedTime=143.627788



 Comments   
Comment by auto [ 29/Aug/13 ]

Author:

{u'username': u'milkie', u'name': u'Eric Milkie', u'email': u'milkie@10gen.com'}

Message: SERVER-9031 compile successfully without 'FIPS_mode_set' symbol
Branch: master
https://github.com/mongodb/mongo/commit/51a0bf4aefa71821b421fcdab57f1c34aa3e81c2

Comment by Eric Milkie [ 10/Jun/13 ]

Yes, that is acceptable.

Comment by Randall Hunt [ 10/Jun/13 ]

so would something like this be acceptable:

scons -j8 --ssl --cpppath /usr/local/Cellar/openssl/1.0.1e/include --libpath /usr/local/Cellar/openssl/1.0.1e/lib mongod

Comment by Eric Milkie [ 10/Jun/13 ]

Note that --extrapath is not a well-coded parameter and we will be removing it soon (for example, it forces release mode on, even when you use --dd).

Using --cpppath is okay but typically you must use it in conjunction with --libpath (to specify both the include and lib directories of your OpenSSL installation). Using one without the other might work depending on how you installed things, but I cannot recommend it.

Comment by Tyler Brock [ 10/Jun/13 ]

This worked for me where --cpppath did not:

scons --ssl --extrapath=/usr/local/opt/openssl mongod

Comment by Uladzimir Mihura [ 22/May/13 ]

Works fine with openssl 1.0.1e

just add it into includes via --cpppath flag

scons all --ssl --cpppath /usr/local/Cellar/openssl/1.0.1e/include 

-vova

Generated at Thu Feb 08 03:19:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.