Description of problem:
mariadb-libs-10.1.21-5.fc26.x86_64 still uses compat-openssl10. Since mariadb-libs is used in a lot of places that also directly use (the newer) openssl, and mixing both versions in the same address space is problematic, mariadb should be updated to use the standard (non-compat) openssl version
This is a known issue.
MariaDB 10.1.25 is not prepared to use OpenSSL11.
Upstream decided to implement OpenSSL11 support only to MariaDB 10.2.x version.
It has been developing for a long time, so it doesn't get into f26.
MariaDB 10.2 is just now beeing incorporated into Rawhide (F27) and the it also support the OpenSSL11.
However the transition from 10.1 to 10.2 versions is very problematic (library soname changes and more), so I'd stay with the current state.
What do you think?
Problem is that now any non-trivial application will end up with both openssl10 and 11, and apparently the library symbols aren't properly versioned and incompatible, leading to crashes because the symbol from the wrong version of openssl is apparently called.
So really either mariadb has to stop using openssl10 or openssl10 and 11 need to be made compatible, for example with proper symbol versioning
Ok, now I understand, it can be a real issue.
I'll discuss it and I'll se what possible solutions I'll find out.
When linking my application, the linker complains:
/usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/mysql/libmysqlclient.so.18, may conflict with libcrypto.so.1.1
(I don't need libmysqlclient.so.18 myself, it gets pulled in via geos)
Thomas, can you use the mariadb-connector-c instead? That library is built with openssl 1.1.
I am not even using mariadb myself, it gets pulled in by gdal (/usr/lib64/libgdal.so.20.1.3). So you need to ask the gdal maintainer whether gdal can use it - I suspect the answer is not out of the box...
mariadb-10.1.26-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b045a9a63d
The update above includes patches that were based on upstream patches that delivered OpenSSL 1.1 support for MariaDB 10.2. The upstream report for back-porting it to 10.1 is available at https://jira.mariadb.org/browse/MDEV-13592, but I don't expect they will push on it, so this change might stay in F26 as downstream only change.
The plan is to keep the update longer in Bodhi to see if it doesn't break anything, since each downstream patch si kinda risky. Let us know if you see any weird behaviour regarding SSL, there is always possibility to go back to compat-openssl10.
The patches are also available here:
mariadb-10.1.26-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b045a9a63d
Thank you very much! This works for me.
mariadb-10.1.26-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.