Bug #19810 Bundled YASSL in libmysqlclient conflicts with OpenSSL
Submitted: 15 May 2006 1:30 Modified: 9 Nov 2006 10:35
Reporter: ryan quigley Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: C API (client library) Severity:S2 (Serious)
Version:5.0.21 OS:Linux (gentoo 2006.0)
Assigned to: Magnus Blåudd
Tags: libcrypto, libmysqlclient, libssl, openssl, yassl

[15 May 2006 1:30] ryan quigley
Description:
Installing mysql-standard-5.0.21-linux-i686-glibc23 binary breaks PHP 5.1 install w/curl. Downgrading back to 5.0.19 works again. Compiling PHP without mysql support also works.

FYI
apache 2.2.2
curl 7.15.3

I've read that compiling from source fixes this, but haven't tried. see:
http://forums.mysql.com/read.php?52,88020,88927#msg-88927

Thanks,
Ryan

How to repeat:
# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql  --with-curl
# make
# make install
Installing PHP SAPI module:       apache2handler
/usr/local/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/apache2/build/libtool' libphp5.la /usr/local/apache2/modules
/usr/local/apache2/build/libtool --mode=install cp libphp5.la /usr/local/apache2/modules/
cp .libs/libphp5.so /usr/local/apache2/modules/libphp5.so
cp .libs/libphp5.lai /usr/local/apache2/modules/libphp5.la
libtool: install: warning: remember to run `libtool --finish /usr/src/php-5.1.4/libs'
chmod 755 /usr/local/apache2/modules/libphp5.so
[activating module `php5' in /etc/httpd/conf/httpd.conf]
Installing PHP CLI binary:        /usr/local/bin/
Installing PHP CLI man page:      /usr/local/man/man1/
Installing build environment:     /usr/local/lib/php/build/
Installing header files:          /usr/local/include/php/
Installing helper programs:       /usr/local/bin/
  program: phpize
  program: php-config
Installing man pages:             /usr/local/man/man1/
  page: phpize.1
  page: php-config.1
Installing PEAR environment:      /usr/local/lib/php/
PHP Fatal error:  Unable to start curl module in Unknown on line 0
make[1]: *** [install-pear-installer] Error 254
make: *** [install-pear] Error 2
[15 May 2006 22:53] Hartmut Holzgraefe
no need to "make install", already happens on "make test"
or when just invoking the PHP command line binary in sapi/cli/php
[16 May 2006 7:04] Martijn Broenland
If you can do without SSL support in cURL, you can compile curl with the option --without-ssl. It'll do the trick.
[16 May 2006 13:37] ryan quigley
unfortunately, we need ssl support in curl. we've switched back to 5.0.19 for now
[1 Jul 2006 17:20] mizuiro fan
I also have a similar question.
I compile don't have the question.(curl-7.15.3-1,openssl-0.9.8b-1)
But when I run a cURL's PHP(HTTPS URL),It will crash PHP.

If I remove MySQL 5.0.22(RPM),and install MySQL4.1 or MySQL5.0.19(RPM),The question is solved.

I use gdb result:
[root@MyHost ~]# gdb --args /usr/local/php5/bin/php test.php

GNU gdb Red Hat Linux (6.3.0.0-1.122rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/libthread_db.so.1".

(gdb) run
Starting program: /usr/local/php5/bin/php test.php
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xbc0000
[Thread debugging using libthread_db enabled]
[New Thread -1208252736 (LWP 11843)]
PHP Warning:  Zend Optimizer does not support this version of PHP -
please upgrade to the latest version of Zend Optimizer in Unknown on
line 0
*** glibc detected *** /usr/local/php5/bin/php: free(): invalid pointer:
0x00973ca0 ***
======= Backtrace: =========
/lib/libc.so.6[0xc41f18]
/lib/libc.so.6(__libc_free+0x78)[0xc453ef]
/usr/local/php5/bin/php(_ZdlPvN5yaSSL5new_tE+0x23)[0x83695d3]
/usr/local/php5/bin/php(_ZN5yaSSL8ysDeleteINS_10SSL_METHODEEEvPT_+0x24)[
0x8361c74]
/usr/local/php5/bin/php(_ZN5yaSSL7SSL_CTXD1Ev+0x2a)[0x836d2aa]
/usr/local/php5/bin/php(_ZN5yaSSL8ysDeleteINS_7SSL_CTXEEEvPT_+0x26)[0x83
61886]
/usr/local/php5/bin/php(SSL_CTX_free+0x1f)[0x835d05f]
/usr/lib/libcurl.so.3(Curl_ossl_close+0x66)[0x575ab6]
/usr/lib/libcurl.so.3(Curl_ssl_close+0x26)[0x5840f6]
/usr/lib/libcurl.so.3(Curl_disconnect+0xf2)[0x56d882]
/usr/lib/libcurl.so.3(Curl_connect+0xd49)[0x56e969]
/usr/lib/libcurl.so.3[0x57a79b]
/usr/lib/libcurl.so.3(Curl_perform+0xf0)[0x57cd50]
/usr/lib/libcurl.so.3(curl_easy_perform+0x3c)[0x57d21c]
/usr/local/php5/bin/php(zif_curl_exec+0x98)[0x80d59e8]
/usr/local/php5/bin/php[0x82eb2a8]
/usr/local/php5/bin/php(execute+0x12d)[0x82dca4d]
/usr/local/php5/bin/php(zend_execute_scripts+0x217)[0x82c0bf7]
/usr/local/php5/bin/php(php_execute_script+0x1a2)[0x8284a42]
/usr/local/php5/bin/php(main+0x11d4)[0x8338324]
/lib/libc.so.6(__libc_start_main+0xdc)[0xbf3724]
/usr/local/php5/bin/php[0x80b3e11]
======= Memory map: ========
00101000-00106000 r-xp 00000000 fd:00 6286804    /lib/libcrypt-2.4.so
00106000-00107000 r-xp 00004000 fd:00 6286804    /lib/libcrypt-2.4.so
00107000-00108000 rwxp 00005000 fd:00 6286804    /lib/libcrypt-2.4.so
00108000-0012f000 rwxp 00108000 00:00 0 
0012f000-0015e000 r-xp 00000000 fd:00 4951278   
/usr/lib/libidn.so.11.5.16
0015e000-0015f000 rwxp 0002f000 fd:00 4951278   
/usr/lib/libidn.so.11.5.16
0015f000-00161000 r-xp 00000000 fd:00 5696100   
/usr/local/Zend/lib/ZendExtensionManager.so
00161000-00162000 rwxp 00002000 fd:00 5696100   
/usr/local/Zend/lib/ZendExtensionManager.so
001c5000-001d4000 r-xp 00000000 fd:00 6286508    /lib/libresolv-2.4.so
001d4000-001d5000 r-xp 0000e000 fd:00 6286508    /lib/libresolv-2.4.so
001d5000-001d6000 rwxp 0000f000 fd:00 6286508    /lib/libresolv-2.4.so
001d6000-001d8000 rwxp 001d6000 00:00 0 
00311000-0031c000 r-xp 00000000 fd:00 6285329   
/lib/libgcc_s-4.1.1-20060525.so.1
0031c000-0031d000 rwxp 0000a000 fd:00 6285329   
/lib/libgcc_s-4.1.1-20060525.so.1
00400000-00473000 r-xp 00000000 fd:00 4956073   
/usr/lib/libkrb5.so.3.2
00473000-00475000 rwxp 00073000 fd:00 4956073   
/usr/lib/libkrb5.so.3.2
00477000-0047a000 r-xp 00000000 fd:00 4955666   
/usr/lib/libkrb5support.so.0.0
0047a000-0047b000 rwxp 00002000 fd:00 4955666   
/usr/lib/libkrb5support.so.0.0
0047d000-004a1000 r-xp 00000000 fd:00 4955742   
/usr/lib/libk5crypto.so.3.0
004a1000-004a2000 rwxp 00024000 fd:00 4955742   
/usr/lib/libk5crypto.so.3.0
004e5000-004fd000 r-xp 00000000 fd:00 4956074   
/usr/lib/libgssapi_krb5.so.2.2
004fd000-004fe000 rwxp 00017000 fd:00 4956074   
/usr/lib/libgssapi_krb5.so.2.2
00557000-0058f000 r-xp 00000000 fd:00 4955203   
/usr/lib/libcurl.so.3.0.0
0058f000-00590000 rwxp 00038000 fd:00 4955203   
/usr/lib/libcurl.so.3.0.0
006a4000-007c8000 r-xp 00000000 fd:00 4947104   
/usr/lib/libxml2.so.2.6.23
007c8000-007d0000 rwxp 00124000 fd:00 4947104   
/usr/lib/libxml2.so.2.6.23
007d0000-007d1000 rwxp 007d0000 00:00 0 
007d3000-007dc000 r-xp 00000000 fd:00 6285336   
/lib/libnss_files-2.4.so
007dc000-007dd000 r-xp 00008000 fd:00 6285336   
/lib/libnss_files-2.4.so
007dd000-007de000 rwxp 00009000 fd:00 6285336   
/lib/libnss_files-2.4.so
007e0000-007e4000 r-xp 00000000 fd:00 6285340    /lib/libnss_dns-2.4.so
007e4000-007e5000 r-xp 00003000 fd:00 6285340    /lib/libnss_dns-2.4.so
007e5000-007e6000 rwxp 00004000 fd:00 6285340    /lib/libnss_dns-2.4.so
008e2000-00909000 r-xp 00000000 fd:00 4947489   
/usr/lib/libpng12.so.0.1.2.8
00909000-0090a000 rwxp 00026000 fd:00 4947489   
/usr/lib/libpng12.so.0.1.2.8
00930000-00971000 r-xp 00000000 fd:00 6286478    /lib/libssl.so.0.9.8b
00971000-00975000 rwxp 00040000 fd:00 6286478    /lib/libssl.so.0.9.8b
00bc0000-00bc1000 r-xp 00bc0000 00:00 0          [vdso]
00bc1000-00bda000 r-xp 00000000 fd:00 6285363    /lib/
Program received signal SIGABRT, Aborted.
[Switching to Thread -1208252736 (LWP 11843)]
0x00bc0402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00bc0402 in __kernel_vsyscall ()
#1  0x00c06069 in raise () from /lib/libc.so.6
#2  0x00c07671 in abort () from /lib/libc.so.6
#3  0x00c3aa4b in __libc_message () from /lib/libc.so.6
#4  0x00c41f18 in _int_free () from /lib/libc.so.6
#5  0x00c453ef in free () from /lib/libc.so.6
#6  0x083695d3 in operator delete ()
#7  0x08361c74 in yaSSL::ysDelete<yaSSL::SSL_METHOD> ()
#8  0x0836d2aa in yaSSL::SSL_CTX::~SSL_CTX ()
#9  0x08361886 in yaSSL::ysDelete<yaSSL::SSL_CTX> ()
#10 0x0835d05f in SSL_CTX_free ()
#11 0x00575ab6 in Curl_ossl_close () from /usr/lib/libcurl.so.3
#12 0x005840f6 in Curl_ssl_close () from /usr/lib/libcurl.so.3
#13 0x0056d882 in Curl_disconnect () from /usr/lib/libcurl.so.3
#14 0x0056e969 in Curl_connect () from /usr/lib/libcurl.so.3
#15 0x0057a79b in Curl_follow () from /usr/lib/libcurl.so.3
#16 0x0057cd50 in Curl_perform () from /usr/lib/libcurl.so.3
#17 0x0057d21c in curl_easy_perform () from /usr/lib/libcurl.so.3
#18 0x080d59e8 in zif_curl_exec (ht=1, return_value=0xa03d98c,
return_value_ptr=0x0, 
    this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php5.2-200606300630/ext/curl/interface.c:1598
#19 0x082eb2a8 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbfc94ab0)
    at /usr/local/src/php5.2-200606300630/Zend/zend_vm_execute.h:200
#20 0x082dca4d in execute (op_array=0xa03904c)
    at /usr/local/src/php5.2-200606300630/Zend/zend_vm_execute.h:92
#21 0x082c0bf7 in zend_execute_scripts (type=8, retval=Variable "retval"
is not available.
)
    at /usr/local/src/php5.2-200606300630/Zend/zend.c:1110
#22 0x08284a42 in php_execute_script (primary_file=0xbfc96ee0)
    at /usr/local/src/php5.2-200606300630/main/main.c:1748
#23 0x08338324 in main (argc=2, argv=0xbfc97014)
    at /usr/local/src/php5.2-200606300630/sapi/cli/php_cli.c:1097
(gdb)
[29 Jul 2006 1:55] Jim Winstead
Bug #21337 is a duplicate of this bug.
[4 Aug 2006 15:49] John Parker
This problem still occurs under 5.0.24.
[21 Aug 2006 12:31] Magnus Blåudd
We use macros to rename all yaSSL SSL functions to yaSSL. For example 'SSL_library_init' becomes 'yaSSL_library_init'

By doing an "nm" on libmysql_client and looking for any SSL_* function, I looks like the rename is not done for SSL_peek function. The annoying thing is that it's a new function in yaSSL, added to support curl.

I will add a rename for 'SSL_peek' to 'yaSSL_peek'
[21 Aug 2006 12:33] Magnus Blåudd
[msvensson@host mysql-5.0]$ nm libmysql/.libs/libmysqlclient.so | grep SSL_
0009e0c6 T SSL_peek <<< Here
0009c902 T yaSSL_accept
0009cb6e T yaSSL_clear
0009c636 T yaSSL_connect
[21 Aug 2006 12:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/10669

ChangeSet@1.2246, 2006-08-21 14:51:59+02:00, msvensson@neptunus.(none) +1 -0
  Bug#19810  	Bundled YASSL in libmysqlclient conflicts with OpenSSL
   - Rename yaSSL version of 'SSL_peek' to 'yaSSL_peek' by using a macro
[24 Aug 2006 19:23] Iggy Galarza
Available in 5.1.12
[31 Aug 2006 16:07] Chad MILLER
Available in 5.0.25.
[2 Sep 2006 1:44] Paul Dubois
Noted in 5.0.25, 5.1.12 changelogs.

The yaSSL library bundled with libmysqlclient had some conflicts with
OpenSSL. Now macros are used to rename the conflicting symbols to
have a prefix of ya.
[13 Oct 2006 8:09] Sveta Smirnova
There is similar Bug #23080

Reporter found error in 5.0.26
[14 Oct 2006 18:17] Jørgen Thomsen
Would someone at MySQL be serious about fixing this serious error ??
[14 Oct 2006 18:26] Jørgen Thomsen
/usr/local/mysql/lib/libmysqlclient.a(libtaocrypt_la-misc.o): In function `CRYPTO_lock':
misc.cpp:(.text+0x44): multiple definition of `CRYPTO_lock'
/usr/local/ssl/lib/libcrypto.a(cryptlib.o):cryptlib.c:(.text+0x4e0): first defined here
/usr/bin/ld: Warning: size of symbol `CRYPTO_lock' changed from 194 in /usr/local/ssl/lib/libcrypto.a(cryptlib.o) to 7 in /usr/local/mysql/lib/libmysqlclient.a(libtaocrypt_la-misc.o)
/usr/local/mysql/lib/libmysqlclient.a(libtaocrypt_la-misc.o): In function `CRYPTO_add_lock':
misc.cpp:(.text+0x4c): multiple definition of `CRYPTO_add_lock'
/usr/local/ssl/lib/libcrypto.a(cryptlib.o):cryptlib.c:(.text+0x5b0): first defined here
/usr/bin/ld: Warning: size of symbol `CRYPTO_add_lock' changed from 178 in /usr/local/ssl/lib/libcrypto.a(cryptlib.o) to 7 in /usr/local/mysql/lib/libmysqlclient.a(libtaocrypt_la-misc.o)
[16 Oct 2006 9:44] Magnus Blåudd
Unfortunately the patch to remove CRYPTO_* functions with the use of 
#ifndef(YASSL_MYSQL_COMPATIBLE) didn't work as YASSL_MYSQL_COMPATIBLE was not
defined in that file. That mean libmysqlclient as of version 5.0.26 will define
CRYPTO_add_lock and CRYPTO_lock

The most annoying thing is that the CRYPTO_* are two empty functions. They have
been removed from the imported yaSSL source in MySQL and moved to another file
in the yaSSL CVS repository which will not be compiled into libmysqlclient.

Also see bug#21930
[18 Oct 2006 0:58] Duleepa Wijayawardhana
This is definitely not fixed in 5.0.26... very annoyed with some critical downtime, please advise if you intend to fix or if paying for enterprise server would help. We are considering other db options at this point.

Dups
[18 Oct 2006 10:01] Magnus Blåudd
You are right the CRYPTO_* functions are still in libmysqlclient of 5.0.26

Will immediately look for a way to fix this without having to wait for the next version.
[18 Oct 2006 10:22] Magnus Blåudd
This is the patch, it is already in mysql-5.0 source repository and it will be in 5.0.27.

--- 1.15/extra/yassl/taocrypt/src/misc.cpp	2006-09-25 16:40:34 +02:00
+++ 1.16/extra/yassl/taocrypt/src/misc.cpp	2006-09-25 16:40:34 +02:00
@@ -29,16 +29,6 @@
 #include "runtime.hpp"
 #include "misc.hpp"
 
-#if !defined(YASSL_MYSQL_COMPATIBLE)
-extern "C" {
-
-    // for libcurl configure test, these are the signatures they use
-    // locking handled internally by library
-    char CRYPTO_lock() { return 0;}
-    char CRYPTO_add_lock() { return 0;}
-}  // extern "C"
-#endif
-
 #ifdef YASSL_PURE_C
[20 Oct 2006 3:19] Gavin Stokes
This is not fixed in the MySQL 5.1.  The error messages differ somewhat, and I can't determine exactly what the error is anymore (everything seems to be a warning).  But the PHP 5.1.6 build will succeed without MySQL.  I configured the PHP build as follows:

./configure --prefix=/Library/PHP5 --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc --with-zlib --with-xml --with-zlib-dir=/usr --with-openssl --enable-exif --enable-ftp --enable-mbstring --enable-mbregex --enable-sockets --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-apxs=/usr/sbin/apxs

I realize that everyone thinks his bug is important, but I don't understand rating this "non-critical."  Aren't PHP and MySQL a nearly standard combination?  Currently, these products don't work together.
[26 Oct 2006 11:18] Magnus Blåudd
Will add a test program that links with libmysqlclient, libssl and libcrypt to ensure this kind of problems can't skip through.
[28 Oct 2006 21:24] Matthew Ratzloff
"This is the patch, it is already in mysql-5.0 source repository and it will be
in 5.0.27."

Installed MySQL 5.0.27 today and it STILL will not compile with the latest version of PHP.  It's the same error--redefining the CRYPTO_* functions.  This is extremely frustrating, and enough to make me think of using PostgreSQL instead for our future projects if MySQL cannot handle a major bug like this in a timely manner.
[29 Oct 2006 7:23] SHAWN HOGAN
Also confirming it's not fixed in the 5.0.27 SuSE distributions... augh!
[30 Oct 2006 3:07] ALex Edelman
Confirming that the bug is NOT fixed while compiling with PHP 5.1.6 and MySQL 5.0.27 on Mac OS 10.4.8, Darwin 8.8.0.
[30 Oct 2006 9:09] Magnus Blåudd
Sorry that a version number was mentioned in the bugreport. The patch has indeed been pushed to our source repoistory.

But 5.0.27 and 5.0.28 is based on the 5.0.26 release and has only _one_ additional fix for BUG#23427.
[30 Oct 2006 10:13] Magnus Blåudd
The CRYPTO_* functions are only compiled into libmysqlclient if it has been compiled with yaSSL(wich provides SSL support), this means a libmysqlclient library without yaSSL should work for you.

On our download page there are rpm's available that can be used to install libmysqlclient.so that are compiled without yaSSL and it should thus be possible  to use these with PHP.

Please take a look at the rpm and see if that can be a good enough workaround for you.

Use the below link.
http://dev.mysql.com/get/Downloads/MySQL-5.0/MySQL-shared-5.0.27-0.glibc23.i386.rpm/from/p...
[1 Nov 2006 7:12] Henrik Schack
Can this RPM be "mixed" / replace the RHEL4 version of this RPM without any problems ?
[6 Nov 2006 21:04] Bret Orton
I finally got PHP to laydown with Mysql using Magnus Svensson suggestion on a CentOS (RHEL) box. I installed the latest MySQL binary to /opt/mysql and made sure that was up and running. Then I installed the Shared Libraries and Shared Compatibility libraries from RPM which seemed to install in /usr/lib . I was then able to compile PHP against where the RPM libraries were installed : with-mysql=/usr/lib

It's just a laptop setup but everything seems to work fine. 

HTH
[9 Nov 2006 10:35] Magnus Blåudd
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html
[14 Dec 2006 20:47] Timothy Smith
Hi.  This bug has been fixed in MySQL 5.0.30.  Pre-built binaries of 5.0.30 are available to MySQL Network customers, details below.  Also, see the possible workaround in Magnus' comment on 30 Oct.

If you want to spend time to save money:

The source code of the Enterprise server (in tarball format) is available at:
ftp://ftp.mysql.com/pub/mysql/src

Access to this FTP site is anonymous and unrestricted.  You will need to compile and test your own binaries.

If you want to spend money to save time:

The pre-built and tested binaries are available to our paying customers. MySQL Enterprise Server subscriptions start at just $595 a year. For more information, see:
http://www.mysql.com/products/enterprise/

Regards,

Timothy
[7 Jan 2007 18:10] Nickolas Daskalou
Confirming this is still an issue with the following setup:

PHP 5.2
MySQL 5.0.27-0
Apache 1.3.37
Hosted on a CentOS 3.8 installation (which includes cPanel)

It's been almost a month since this was fixed in the Enterprise Release of MySQL, does anyone have an idea when this fix will make it to the Community Server Release?
[7 Jan 2007 19:16] Nickolas Daskalou
To all those still experiencing this problem and are trying to access an HTTPS page using PHP, here's a temporary solution/workaround:

You can use the "curl" system command by using the backticks operator in PHP, for example:

<?php

$url = "https://webmail.optusnet.com.au/";
$username = "blah";
$password = "bleh";

// Using the POST method
$command = "curl \"$url\" --data-binary \"".
           "user=".urlencode($username).
           "&".
           "password=".urlencode($password).
           "\"";

$html = `$command`;

// Using the GET method
$command = "curl \"$url?".
           "user=".urlencode($username).
           "&".
           "password=".urlencode($password).
           "\"";

$html = `$command`;
?>

Oh yeah, I'm assuming you're using Linux ;)

There's an abundance of other useful parameters you can pass into the curl system command, just do a "man curl" at the command prompt to see what's on offer (the --max-redirs option, for example, sets the maximum number of redirections curl is allowed to follow).

Also the "wget" command will work with this too using something like "wget -O - \"$url\" 2>/dev/null" or even the "lynx" command (eg. "lynx --source \"$url\"). View the man pages on those commands to see how to pass GET or POST data to the URLs.

Hope that helps.
[2 Mar 2007 9:26] Sveta Smirnova
Bug #26779 was marked as duplicate of this one