Bug #68999 | SSL_OP_NO_COMPRESSION not defined | ||
---|---|---|---|
Submitted: | 18 Apr 2013 15:06 | Modified: | 20 Apr 2015 14:34 |
Reporter: | Remi Collet | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Compiling | Severity: | S3 (Non-critical) |
Version: | 5.5.31 | OS: | Linux (RHEL-5) |
Assigned to: | Georgi Kodinov | CPU Architecture: | Any |
[18 Apr 2013 15:06]
Remi Collet
[18 Apr 2013 15:07]
Remi Collet
mysql-openssl.patch
Attachment: mysql-openssl.patch (text/x-patch), 405 bytes.
[26 Apr 2013 10:49]
MySQL Verification Team
http://bugs.mysql.com/bug.php?id=69080 marked as duplicate of this one.
[24 May 2013 10:58]
MySQL Verification Team
Hello Remi, Thank you for the report. Verified as described. // How to repeat [root@cluster1 mysqlcom-5.5.31]# openssl version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 [root@cluster1 mysqlcom-5.5.31]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.8 (Tikanga) [root@cluster1 mysqlcom-5.5.31]# uname -a Linux cluster1 2.6.32-100.26.2.el5 #1 SMP Tue Jan 18 20:11:49 EST 2011 x86_64 x86_64 x86_64 GNU/Linux [root@cluster1 mysqlcom-5.5.31]# cmake -DCMAKE_INSTALL_PREFIX=/root/server/mysqlcom-5.5.31 -DWITH_SSL=system [root@cluster1 mysqlcom-5.5.31]# make .. ... Scanning dependencies of target vio [ 63%] Building C object vio/CMakeFiles/vio.dir/vio.c.o [ 63%] Building C object vio/CMakeFiles/vio.dir/viosocket.c.o [ 63%] Building C object vio/CMakeFiles/vio.dir/viossl.c.o /root/setup/mysqlcom-5.5.31/vio/viossl.c: In function âssl_doâ: /root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: âSSL_OP_NO_COMPRESSIONâ undeclared (first use in this function) /root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: (Each undeclared identifier is reported only once /root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: for each function it appears in.) make[2]: *** [vio/CMakeFiles/vio.dir/viossl.c.o] Error 1 make[1]: *** [vio/CMakeFiles/vio.dir/all] Error 2 make: *** [all] Error 2
[24 May 2013 11:50]
Erlend Dahl
Bug #69080 mysql-5.5.31 not compatible with openssl-1.0.0 and lower was marked as a duplicate.
[8 Jun 2013 0:07]
Noel Butler
5.5.32 also suffers same fate, i'm amazed oracle had ignored this and the simple included patch that fixes this.
[13 Jun 2013 10:40]
Georgi Kodinov
This openssl version is rather old. openssl recommends that you should consider upgrading to a later one. Is there any obstacle with you upgrading to a recent version ? Alternatively you can just download the binaries from http://dev.mysql.com/downloads.
[13 Jun 2013 10:44]
Remi Collet
> Is there any obstacle with you upgrading to a recent version ? Enterprise Linux distribution provides backport for security fix. I don't think upgrade to a more recent version is even thinkable on RHEL, Oracle Linux or other clones.
[13 Jun 2013 10:57]
Georgi Kodinov
It's a bit unfortunate that there's no compile time way to check for the presence of that fix. Thanks for the explanations. It's a valid bug and needs to be fixed.
[28 Jun 2013 14:39]
Georgi Kodinov
I would really love if you can provide a way for us to recognize at compile time that this particular openssl version has been patched to include the fix (so I can safely #ifdef the fix that we did on our side). Any chance that you would consider adding a define specific to your backport of the fix in this version that we can use ? E.g. adding something like this : #define OPENSSL_RHEL_COMPRESSION_FIX 1 to openssl.h would work great.
[29 Jun 2013 14:04]
Remi Collet
@Georgi Kodinov sorry, I really don't understand the need. Feel free to open a request for change on RHEL, but... Why do you think you need this and don't simply #ifdef SSL_OP_NO_COMPRESSION
[29 Jun 2013 15:33]
Hartmut Holzgraefe
I don't understand why this can't be fixed by a simple #ifdef (as in the originally attached patch) either ...
[1 Jul 2013 11:51]
Georgi Kodinov
Remi, IMHO we need to be able to distinguish between an un-patched openssl 0.9.8e (that doesn't contain the fixes that you've backported to it) and your patched variant of the same library. Otherwise there will not be enough information to determine whether to do the fix for this ssl bug in the mysql code or not.
[29 Aug 2013 14:21]
Georgi Kodinov
Moving to "need feedback" based on the above question
[30 Sep 2013 1:00]
Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".
[20 Apr 2015 14:34]
Paul DuBois
Noted in 5.5.44, 5.6.25, 5.7.8, 5.8.0 changelogs. MySQL failed to compile using OpenSSL 0.9.8e.
[23 Jun 2015 14:05]
Laurynas Biveinis
commit e7ad7f050e2d0887f2587e5801356ac411a67ed3 Author: V S Murthy Sidagam <venkata.sidagam@oracle.com> Date: Mon Apr 20 16:46:36 2015 +0530 Bug #16861371 SSL_OP_NO_COMPRESSION NOT DEFINED Description: Can't build mysql-5.5 latest source with openssl 0.9.8e. Analysis: Older OpenSSL versions(prior to openssl 1.0) doesn't have 'SSL_OP_NO_COMPRESSION' defined. Hence the build is failing with SSL_OP_NO_COMPRESSION undeclared. Fix: Added a conditonal compilation for 'SSL_OP_NO_COMPRESSION'. i.e if 'SSL_OP_NO_COMPRESSION' is defined then have the SSL_set_options call for OpenSSL 1.0 versions. Have sk_SSL_COMP_zero() call for OpenSSL 0.9.8 version commit f07d9957994c0c21f36511035215c83653097908 Author: V S Murthy Sidagam <venkata.sidagam@oracle.com> Date: Mon Apr 20 19:41:50 2015 +0530 Bug #16861371 SSL_OP_NO_COMPRESSION NOT DEFINED post push change: missed the change in mysql-5.5 (Fixing compiler warning/error) commit 6c11fedb5e81bfdcc9e71475d265a4686daa917f Author: V S Murthy Sidagam <venkata.sidagam@oracle.com> Date: Tue Apr 21 09:24:41 2015 +0530 Bug #16861371 SSL_OP_NO_COMPRESSION NOT DEFINED post push change: fixing valgrind failures