Bug #1923 bogus openssl support
Submitted: 23 Nov 2003 9:11 Modified: 12 Dec 2003 5:08
Reporter: Jens Elkner Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Compiling Severity:S1 (Critical)
Version:4.0.16 OS:Linux (Linux (*x))
Assigned to: Michael Widenius CPU Architecture:Any

[23 Nov 2003 9:11] Jens Elkner
Description:
1)
Hmmm - per default mysql links against against the dynamic libs
of openssl (i.e. libssl.so ...) but your hacked acinclude.m4 
tries to find libssl.a, only!

You make the wrong assumption, that libssl.a is always installed!
Because of security and maintainance reasons, noone really likes
to link against a static ssl library and thus those libs are 
not installed or cleaned up from the system to prevent unsecure "linkage"...

If you wanna stay with your dirty hacks, you should at least look
for libssl.so as well (and actually looking for something, what is
never used does not make any sense)!

2)
libmysql/conf_to_source is unwisely linked against libopenssl and this
breaks the build, in case 
a) ssl libs are not in the default system location or 
b) ssl libs are not included in the LD_LIBRARY_PATH or
c) the installed ssl libs on the systems or not compatible to
   the libs, conf_to_source is linked to 

So I suggest to make a single rule for conf_to_source, which does not
include the switches for ssl...

3) RFE:
Throw away your dirty hacks and rely on more reliable/standard stuff
e.g. like pkgconfig. You can avoid a lot of headaches and bugs by
just using the following lines in your configure.in:

OPENSSL_REQUIRED_VERSION = 0.9.6
PKG_CHECK_MODULES(OPENSSL, openssl >= $OPENSSL_REQUIRED_VERSION)

and than use the automatically/correctly set $(OPENSSL_CFLAGS),
$(OPENSSL_LIBS) at the appropriate places.

Of course, if you want free the builder from searching the openssl.pc
(which is always in $INSTALLDIR/lib/pkgconfig/), you can add automatically
$openssl_dirlib/pkgconfig/ to the PKG_CONFIG_PATH before 
the PKG_CHECK_MODULES comes into action ...

The same applies for the Orbit stuff: Currently you just use, what you find -
no matter, whether e.g. a pkg maintainer wants to link mysql against a
separate (e.g. not installed) version or not. Actually he has no choice
but hacking your hacks ...

How to repeat:
Install your openssl stuff in a none-default directory (e.g. /tmp/proto/usr)
and try to compile mysql against those libs:

./configure \
  --with-openssl \
  --with-openssl-includes=${ROOT4BUILD}/usr/include \
  --with-openssl-libs=${ROOT4BUILD}/usr/lib

Suggested fix:
E.g. something like that:
--with_openssldir=DIR

AC_ARG_WITH(openssl, dnl
[  --with-openssldir          install path to openssl])
if test -n "$with_openssldir"
then
   PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:${with_openssldir}/lib/pkgconfig"
fi 
...

OPENSSL_VERSION = 0.9.6
ORBIT_VERSION=2.7.2
GLIB_VERSION=2.0.1

PKG_CHECK_MODULES(OPENSSL, openssl >= $OPENSSL_VERSION)
PKG_CHECK_MODULES(ORBIT, ORBit-2.0 >= $ORBIT_VERSION \
     glib-2.0 >= $GLIB_VERSION \
     gobject-2.0 >= $GLIB_VERSION \
     gthread-2.0 >= $GLIB_VERSION)
...

You may have a look e.g. at GNOME's libbonobo-2.x/configure.in to find out 
more details ...
[23 Nov 2003 20:45] Boyd Gerber
From bug report "1)
Hmmm - per default mysql links against against the dynamic libs
of openssl (i.e. libssl.so ...) but your hacked acinclude.m4
tries to find libssl.a, only!"

I verified this on two different OS's UnixWare and SuSE 8.2

I renamed libssl.a and on these two platforms and there was problems with finding openssl as per the bug report.  Yhid is for 1 and 2

and also "2)
libmysql/conf_to_source is unwisely linked against libopenssl and this
breaks the build, in case
a) ssl libs are not in the default system location or
b) ssl libs are not included in the LD_LIBRARY_PATH or
c) the installed ssl libs on the systems or not compatible to
   the libs, conf_to_source is linked to
"

Verified on UnixWare 7.1.3.

I think that item 3 should be investigated.
[12 Dec 2003 5:08] Michael Widenius
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

We have now fixed that we also search for libssl.so

Thanks for the suggestion to use pkg-config but unfortunately this is not an option for us becasue:
- not many users have pkg-config installed by default and we don't want to have     our build system depending on too many different projects.
- pkg-config doesn't exists on all platforms that MySQL supports

We may in the future make a special case for Linux but as the current system works resonable well we don't regard this as critically important.

You can with mysql always specify which openssl version to use with --with-openssl-includes and --with-openssl-libs