Hi all,
Just to add, I've been trying to build XRootD (master and 5.4.2) with gcc11 from the scl (devtoolset) on a CentOS7 host with openssl 3.0.X.
Short story is it's not working for me _at all_. (I keep hitting the error below and then the compilation bails out with more errors)
I'm looking to use XRootD with openssl3 vs fixing a bug I've hit between openssl1 and XRootD 5.4.X leading to a segfault from the openssl libraries in production (i.e. an uncatchable fault which is difficult to work-around by fixing code in XRootD).
I've compiled openssl3.0.1 (and openssl3.0.0) (from the vanilla code release on github https://github.com/openssl/openssl/tags) and installed it under /opt/openssl-3.0.X using this devtoolset and it's picked up with cmake for XRootD correctly, but all fail.
Does anyone know what openssl3 release/package/build-config was used in the initial testing?
(I'm happy to patch my openssl build for now if needed but this isn't a great long-term solution)
I've tried with and without -DWITH_OPENSSL3=TRUE, but no improvement.
I see that openssl-3.0.2 is now out and I'll try with this later today, but I don't expect much difference.
Best Regards,
Rob
[ 65%] Built target XrdSeckrb5-5
In file included from /usr/include/voms/newformat.h:31,
from /usr/include/voms/voms_api.h:50,
from /root/src/root-master/xrootd/src/XrdVoms/XrdVoms.hh:33,
from /root/src/root-master/xrootd/src/XrdVoms/XrdVomsFun.cc:41:
/opt/openssl-3.0.1/include/openssl/asn1_mac.h:10:2: error: #error "This file is obsolete; please update your software."
10 | #error "This file is obsolete; please update your software."
| ^~~~~
In file included from /usr/include/voms/newformat.h:31,
from /usr/include/voms/voms_api.h:50,
from /root/src/root-master/xrootd/src/XrdVoms/XrdVoms.hh:33,
from /root/src/root-master/xrootd/src/XrdVoms/XrdVomsHttp.cc:49:
/opt/openssl-3.0.1/include/openssl/asn1_mac.h:10:2: error: #error "This file is obsolete; please update your software."
10 | #error "This file is obsolete; please update your software."
| ^~~~~
On 2022-03-15 18:11, jade2k11598 wrote:
This email was sent to you by someone outside the University.
You should only click on links or attachments if you are certain that the email is genuine and the content is safe.
@simonmichal<https://github.com/simonmichal>, I don't know if you've read the details I already provided on that root forum post, but I encourage you to read it because I have done all that you are suggesting here and it's still failing to compile. I really don't want to repeat all that I have posted there (as @axel<https://github.com/axel> suggested to just refer you guys to what has already been posted there).
I understand it's a long post, but I provided above specified links where I have done what you've suggested, like here<https://root-forum.cern.ch/t/building-from-source-root-v6-26-00-failing-with-openssl-on-macos-monterey/49078/9>. I also provided root cause here<https://root-forum.cern.ch/t/building-from-source-root-v6-26-00-failing-with-openssl-on-macos-monterey/49078/10>.
As I noted here<https://root-forum.cern.ch/t/building-from-source-root-v6-26-00-failing-with-openssl-on-macos-monterey/49078/12>, I did manually build xrootd from the version that root downloaded, where I just triggered the cmake command using the same cmake options that root was passing to xrootd (via ExternalProject_Add), from the location root downloaded xrootd. The xrootd version that root downloaded was:
jade$ cat VERSION_INFO
RefNames: (tag: v5.4.1)
ShortHash: d21f09ce911
Date: 2022-02-21 11:10:10 +0100
That cmake command that was manually passed to xrootd (and the same command that root was passing after @axel<https://github.com/axel> suggested the addition of cmake's openssl options to point xrootd to an older version of openssl -- the same options you suggested) was:
cmake -DCMAKE_INSTALL_PREFIX=/Users/jade/thirdParty/root-6.26.00/build-dir/builtins/xrootd/XROOTD-prefix -DOPENSSL_INCLUDE_DIR=/opt/local/libexec/openssl11/include -DOPENSSL_SSL_LIBRARY=/opt/local/libexec/openssl11/lib/libssl.dylib -DOPENSSL_CRYPTO_LIBRARY=/opt/local/libexec/openssl11/lib/libcrypto.dylib -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc -DCMAKE_C_FLAGS="-m64 -pipe -W -Wall -fsigned-char -fno-common -Qunused-arguments -pthread" -DCMAKE_CXX_COMPILER=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -DCMAKE_CXX_FLAGS="-std=c++17 -Wc++11-narrowing -Wsign-compare -Wsometimes-uninitialized -Wconditional-uninitialized -Wheader-guard -Warray-bounds -Wcomment -Wtautological-compare -Wstrncat-size -Wloop-analysis -Wbool-conversion -m64 -pipe -W -Wall -Woverloaded-virtual -fsigned-char -fno-common -Qunused-arguments -pthread -stdlib=libc++" -DCMAKE_OSX_SYSROOT=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk -DENABLE_PYTHON=OFF -DENABLE_CEPH=OFF -DCMAKE_INSTALL_RPATH:STRING=/Users/jade/thirdParty/root-6.26.00/build-dir/builtins/xrootd/XROOTD-prefix/lib ../XROOTD
where I have noted at the root forum post that that command does recognize the openssl version 1.1.1m:
-- Found OpenSSL: /opt/local/libexec/openssl11/lib/libssl.dylib;/opt/local/libexec/openssl11/lib/libcrypto.dylib
And yet despite having provided -DOPENSSL_INCLUDE_DIR=/opt/local/libexec/openssl11/include in that cmake command, when compiling, it's still picking up openssl headers at the wrong location:
/Users/jade/thirdParty/root-6.26.00/build-dir/builtins/xrootd/XROOTD-prefix/src/XROOTD/src/XrdCrypto/XrdCryptosslRSA.cc:504:19: error: no matching function for call to 'RSA_private_encrypt'
if ((lout = RSA_private_encrypt(lc, (unsigned char *)&in[kk],
^~~~~~~~~~~~~~~~~~~
/opt/local/include/openssl/rsa.h:285:5: note: candidate function not viable: 4th argument ('const struct rsa_st *') would lose const qualifier
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
^
As noted above it's picking up openssl headers at /opt/local/include instead of /opt/local/libexec/openssl11/include, because when it compiles, it orders the includes putting /opt/local/include first before /opt/local/libexec/openssl11/include and so picks up the openssl3 headers located at /opt/local/include.
When you say that you've tested with older versions of openssl, did you test it with having multiple versions of openssl installed on your system, where the default version is openssl3, and not the version you specifically specified to cmake? Because that's the circumstances that I'm in, where I need the default openssl version to be openssl3 since I have other tools dependent on it.
Now I wish I can get this building against openssl3, but even after not specifying any openssl version in the cmake commands (just remove -DOPENSSL_INCLUDE_DIR=/opt/local/libexec/openssl11/include -DOPENSSL_SSL_LIBRARY=/opt/local/libexec/openssl11/lib/libssl.dylib -DOPENSSL_CRYPTO_LIBRARY=/opt/local/libexec/openssl11/lib/libcrypto.dylib from the cmake command I provided above and add -DWITH_OPENSSL3=TRUE), even though during its configuration, it recognizes the openssl3 version:
-- Found OpenSSL: /opt/local/lib/libssl.dylib;/opt/local/lib/libcrypto.dylib
where the default openssl version on my system is:
jade$ openssl version
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)
jade$ which openssl
/opt/local/bin/openssl
jade$ otool -L /opt/local/bin/openssl
/opt/local/bin/openssl:
/opt/local/libexec/openssl3/lib/libssl.3.dylib (compatibility version 3.0.0, current version 3.0.0)
/opt/local/libexec/openssl3/lib/libcrypto.3.dylib (compatibility version 3.0.0, current version 3.0.0)
/opt/local/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1311.0.0)
jade$ ls -l /opt/local/lib/libssl.dylib;
lrwxr-xr-x 1 root admin 14 Dec 20 00:57 /opt/local/lib/libssl.dylib -> libssl.3.dylib
jade$ ls -l /opt/local/lib/libssl.3.dylib
lrwxr-xr-x 1 root admin 46 Dec 20 00:57 /opt/local/lib/libssl.3.dylib -> /opt/local/libexec/openssl3/lib/libssl.3.dylib
jade$ ls -l /opt/local/lib/libcrypto.dylib
lrwxr-xr-x 1 root admin 17 Dec 20 00:57 /opt/local/lib/libcrypto.dylib -> libcrypto.3.dylib
jade$ ls -l /opt/local/lib/libcrypto.3.dylib
lrwxr-xr-x 1 root admin 49 Dec 20 00:57 /opt/local/lib/libcrypto.3.dylib -> /opt/local/libexec/openssl3/lib/libcrypto.3.dylib
jade$ ls -l /opt/local/include/openssl
lrwxr-xr-x 1 root admin 43 Dec 20 00:57 /opt/local/include/openssl -> /opt/local/libexec/openssl3/include/openssl
It still fails to compile:
/Users/jade/thirdParty/root-6.26.00/build-dir/builtins/xrootd/XROOTD-prefix/src/XROOTD/src/XrdSec/openssl3/XrdSecProtect.cc:57:8: error: unknown type name 'EVP_MD_CTX'
static EVP_MD_CTX* EVP_MD_CTX_new() {
^
/Users/jade/thirdParty/root-6.26.00/build-dir/builtins/xrootd/XROOTD-prefix/src/XROOTD/src/XrdSec/openssl3/XrdSecProtect.cc:58:3: error: unknown type name 'EVP_MD_CTX'
EVP_MD_CTX *ctx = (EVP_MD_CTX *)OPENSSL_malloc(sizeof(EVP_MD_CTX));
...
BTW if I don't add -DWITH_OPENSSL3=TRUE (e.g. zero hints of openssl version passed to cmake) even though the default version of openssl is openssl3, I'd get the same error when specifying the older version of openssl in the cmake command.
—
Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/issues/1649#issuecomment-1068302397>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAINBRIOCCI5YPXDSZAJOZTVADHEVANCNFSM5QWUMRFA>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. Is e buidheann carthannais a th’ ann an Oilthigh Dhùn Èideann, clàraichte an Alba, àireamh clàraidh SC005336.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
Message ID: <xrootd/xrootd/issues/1649/1069025834@github.com>
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1649#issuecomment-1069025834",
"url": "https://github.com/xrootd/xrootd/issues/1649#issuecomment-1069025834",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1