Bug 1301301
| Summary: | Incorrect OPENSSL_VERSION_NUMBER (0x10000003) reported during runtime check, should be (0x1000205f) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Anthony Messina <amessina> |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | amessina, tmraz |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-26 17:20:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Anthony Messina
2016-01-23 22:03:11 UTC
Are you saying that the program was compiled against the current openssl on Fedora 23 and it still reports this old version? That seems weird. This is only compatibility hack that should be in effect only with applications compiled against much older openssl versions. (In reply to Tomas Mraz from comment #1) > Are you saying that the program was compiled against the current openssl on > Fedora 23 and it still reports this old version? That seems weird. This is That is exactly what I am seeing. I compile Kamailio in a koji/mock chroot and run on a fresh F23 installation. I am unable to reproduce the problem.
This simple program:
#include <openssl/ssl.h>
int main()
{
unsigned long ssl_version;
ssl_version = SSLeay();
printf("Compiled with: %lx (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT);
printf("Running with: %lx (%s)\n", ssl_version, SSLeay_version(SSLEAY_VERSION));
return 0;
}
When compiled with "make ssltest CFLAGS='-Wall -g -O2' LDFLAGS='-lcrypto -lssl'"
on Fedora 23 prints:
./ssltest
Compiled with: 1000206f (OpenSSL 1.0.2f-fips 28 Jan 2016)
Running with: 1000206f (OpenSSL 1.0.2f-fips 28 Jan 2016)
Maybe Kamailio does something strange during the build so it forces to link with the compat symbol? But I do not know of any method to actually force such thing.
Also I believe if the versioning was really broken other software would return such error but I am not getting any similar bug reports. (In reply to Tomas Mraz from comment #4) > Also I believe if the versioning was really broken other software would > return such error but I am not getting any similar bug reports. Well, thank you for checking into it. I'll try to follow up with the Kamailio devs since they can't seem to figure it out either except for if I had a stray openssl install on my system. I have installed a completely fresh F23 VM and get the same result. It turns out that the Makefile for Kamailio's TLS module was using: LIBS += $(shell pkg-config libssl --libs) which only returns '-lssl' # pkg-config libssl --libs -lssl It seems that in order for the version detection to work properly, it also needs '-lcrypto' I'll modify the libssl.pc to add -lcrypto. It's very strange that the symbol resolution went this way without the -lcrypto though. (In reply to Tomas Mraz from comment #7) > I'll modify the libssl.pc to add -lcrypto. It's very strange that the symbol > resolution went this way without the -lcrypto though. Sorry for the delay. This fixes the issue. |