Percona Server is still built with yaSSL

Bug #1104977 reported by Raghavendra D Prabhu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona Server moved to https://jira.percona.com/projects/PS
Fix Released
High
Laurynas Biveinis
5.1
Fix Released
High
Unassigned
5.5
Fix Released
High
Unassigned
5.6
Fix Released
High
Laurynas Biveinis
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC
Fix Released
Undecided
Raghavendra D Prabhu

Bug Description

In lp:1028240, it looks like few conflicting yassl symbols were removed.

But https://bugs.launchpad.net/percona-server/5.5/+bug/1028240/comments/17 states it is being build without yassl.

However,

nm -n /usr/lib/debug/usr/sbin/mysqld.debug| grep -iE 'yassl'

reveals plenty of internal (with local visibility) yassl symbols suggesting an embedded yassl.

.........
........
00000000009a2420 t yaSSL_get_default_timeout
00000000009a2430 t yaSSLeay_version
00000000009a2480 t yaSSL_load_error_strings
00000000009a2490 t yaSSL_set_connect_state
00000000009a24a0 t yaSSL_get_verify_result
00000000009a24b0 t yaSSL_CTX_sess_set_cache_size
00000000009a24c0 t yaSSL_CTX_get_session_cache_mode
00000000009a24d0 t yaSSL_CTX_set_default_verify_paths
00000000009a24e0 t yaSSL_CTX_set_session_id_context
00000000009a24f0 t yaSSL_CTX_check_private_key
00000000009a2500 t yaSSL_CTX_set_options
00000000009a2510 t yaSSL_CTX_set_info_callback
00000000009a2530 t yaSSL_library_init
00000000009a25b0 t yaSSL_get_certificate
00000000009a25c0 t yaSSL_get_privatekey
00000000009a25d0 t yaSSL_SESSION_free
00000000009a2630 t yaSSLv2_client_method
00000000009a2730 t yaSSLeay_add_ssl_algorithms
00000000009a2820 t yaSSL_alert_type_string_long
00000000009a2830 t yaSSL_alert_desc_string_long
00000000009a2840 t yaSSL_state_string_long
00000000009a2850 t yaSSL_CTX_set_tmp_rsa_callback
00000000009a2860 t yaSSL_CTX_set_timeout
00000000009a2870 t yaSSL_CTX_use_certificate_chain_file
00000000009a2880 t yaSSL_CTX_use_RSAPrivateKey_file
00000000009a2890 t yaSSL_set_rfd
00000000009a28a0 t yaSSL_set_wfd
00000000009a28b0 t yaSSL_want_read
..........................
...................

nm -n /usr/lib/debug/usr/bin/mysql.debug| grep -iE yassl

 also reveals something similar.

====================================================
=======

The openssl compatibility layer file defines

#ifdef YASSL_PREFIX
#include "prefix_ssl.h"
#endif

which equals to being built with embedded yaSSL.

YASSL_PREFIX is true if WITH_SSL=bundled is passed or --with-ssl is passed in configure options.

Passing WITH_SSL=system or --with-ssl= builds with openssl of the system.

This is how it looks if mysql is built with system openssl:

nm -D `which mysqld` | grep -i ssl

                 U OPENSSL_add_all_algorithms_noconf
                 U SSL_CIPHER_get_name
                 U SSL_CTX_check_private_key
                 U SSL_CTX_ctrl
                 U SSL_CTX_free
                 U SSL_CTX_get_verify_depth
                 U SSL_CTX_get_verify_mode
                 U SSL_CTX_load_verify_locations
                 U SSL_CTX_new
                 U SSL_CTX_set_cipher_list
                 U SSL_CTX_set_default_verify_paths
                 U SSL_CTX_set_session_id_context
                 U SSL_CTX_set_verify
                 U SSL_CTX_use_PrivateKey_file
                 U SSL_CTX_use_certificate_file
                 U SSL_SESSION_set_timeout
                 U SSL_accept
                 U SSL_clear
                 U SSL_connect
                 U SSL_ctrl
                 U SSL_free
                 U SSL_get_cipher_list
                 .......
                 ............

with ldd revealing:

ldd =mysqld
        linux-vdso.so.1 (0x00007fff069af000)
        libaio.so.1 => /usr/lib64/libaio.so.1 (0x00007f6ed73ef000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007f6ed71d9000)
        libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f6ed6fbd000)
        libcrypt.so.1 => /usr/lib64/libcrypt.so.1 (0x00007f6ed6d86000)
        libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f6ed6b82000)
        libssl.so.1.0.0 => /usr/lib64/libssl.so.1.0.0 (0x00007f6ed6918000)
        libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f6ed650f000)
        libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007f6ed620c000)
        libm.so.6 => /usr/lib64/libm.so.6 (0x00007f6ed5f0e000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f6ed5b61000)
        /lib/ld-linux-x86-64.so.2 (0x00007f6ed75f0000)
        libgcc_s.so.1 => /usr/lib64/libgcc_s.so.1 (0x00007f6ed594c000)

with
/usr/lib64/libssl.so.1.0.0 owned by openssl.

Tags: pkg

Related branches

Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

This was tested with latest PS - 5.5.29-29.3

Revision history for this message
Valerii Kravchuk (valerii-kravchuk) wrote :

Previous release is also affected:

[valerii.kravchuk@cisco1 Percona-Server-5.5.28-rel29.3-388.Linux.x86_64]$ nm -n bin/mysqld | grep -iE yassl | more
00000000009d1510 t yaSSL_get_default_timeout
00000000009d1520 t yaSSLeay_version
00000000009d1570 t yaSSL_load_error_strings
00000000009d1580 t yaSSL_set_connect_state
00000000009d1590 t yaSSL_get_verify_result
00000000009d15a0 t yaSSL_CTX_sess_set_cache_size
00000000009d15b0 t yaSSL_CTX_get_session_cache_mode
00000000009d15c0 t yaSSL_CTX_set_default_verify_paths
00000000009d15d0 t yaSSL_CTX_set_session_id_context
00000000009d15e0 t yaSSL_CTX_check_private_key
00000000009d15f0 t yaSSL_CTX_set_options
00000000009d1600 t yaSSL_CTX_set_info_callback
00000000009d1620 t yaSSL_library_init
00000000009d16a0 t yaSSL_get_certificate
00000000009d16b0 t yaSSL_get_privatekey
00000000009d16c0 t yaSSL_SESSION_free
00000000009d1720 t yaSSLv2_client_method
00000000009d1820 t yaSSLeay_add_ssl_algorithms
00000000009d1910 t yaSSL_alert_type_string_long
00000000009d1920 t yaSSL_alert_desc_string_long
00000000009d1930 t yaSSL_state_string_long
00000000009d1940 t yaSSL_CTX_set_tmp_rsa_callback
00000000009d1950 t yaSSL_CTX_set_timeout
...

Changed in percona-server:
status: New → Confirmed
summary: - Percona Server is still built yaSSL
+ Percona Server is still built with yaSSL
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Valerii -

Based on the bug assignment, are you still working on this bug on 5.1?

tags: added: pkg
Revision history for this message
Valerii Kravchuk (valerii-kravchuk) wrote :

Confirmed also with Percona-Server-server-51-5.1.67-rel14.4.511.rhel6.x86_64 and with recent .tar.gz binaries, Percona-Server-5.1.68-rel14.5-513.Linux.x86_64.tar.gz:

[openxs@centos Percona-Server-5.1.68-rel14.5-513.Linux.x86_64]$ nm -n libexec/mysqld | grep -iE yassl | more
00000000008d8920 T yaSSL_get_default_timeout
00000000008d8930 T yaSSLeay_version
00000000008d8980 T yaSSL_load_error_strings
00000000008d8990 T yaSSL_set_connect_state
00000000008d89a0 T yaSSL_get_verify_result
00000000008d89b0 T yaSSL_CTX_sess_set_cache_size
00000000008d89c0 T yaSSL_CTX_get_session_cache_mode
00000000008d89d0 T yaSSL_CTX_set_default_verify_paths
00000000008d89e0 T yaSSL_CTX_set_session_id_context
00000000008d89f0 T yaSSL_CTX_check_private_key
00000000008d8a00 T yaSSL_CTX_set_options
00000000008d8a10 T yaSSL_CTX_set_info_callback
00000000008d8a30 T yaSSL_library_init
00000000008d8ab0 T yaSSL_get_certificate
00000000008d8ac0 T yaSSL_get_privatekey
00000000008d8ad0 T yaSSL_SESSION_free
00000000008d8b30 T yaSSLv2_client_method
00000000008d8c30 T yaSSLeay_add_ssl_algorithms
00000000008d8d20 T yaSSL_alert_type_string_long
00000000008d8d30 T yaSSL_alert_desc_string_long
00000000008d8d40 T yaSSL_state_string_long
00000000008d8d50 T yaSSL_CTX_set_tmp_rsa_callback
00000000008d8d60 T yaSSL_CTX_set_timeout
...

Changed in percona-server:
importance: Undecided → High
assignee: nobody → Ignacio Nin (ignacio-nin)
Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

This is required for PXC as well.

pwd
...... /percona-xtradb-cluster/pxc-5.5.30/build

grep -r 'with yassl' .
./build-shared-compat-rpm.sh: rpmbuild -ba --clean --with yassl $SIGN \
./build-rpm.sh: rpmbuild -ba --clean --with yassl $TARGET $SIGN $QUIET \

Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

In addition to those files, percona-xtradb-cluster.spec requires -DWITH_SSL=system as well.

Changed in percona-xtradb-cluster:
status: New → Triaged
Changed in percona-xtradb-cluster:
milestone: none → 5.5.30-23.7.4
Changed in percona-xtradb-cluster:
assignee: nobody → Raghavendra D Prabhu (raghavendra-prabhu)
status: Triaged → Fix Committed
Changed in percona-xtradb-cluster:
status: Fix Committed → Fix Released
Revision history for this message
Ignacio Nin (ignacio-nin) wrote :

Since the 5.5 bug is fixed on revno 481, we wait for those to be merged before merging it into 5.6. Also it may be convenient to wait until the fix for lp:1165098 is merged since the fix for these will conflict in build/ otherwise.

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

Ignacio -

Not sure hat you mean, the 5.5 revno 481 is a completely unrelated change?

Revision history for this message
Ignacio Nin (ignacio-nin) wrote :

Lauryinas,

Some lack of clarity from my part :) The bug in 5.5 is fixed, in lp:~ignacio-nin/percona-server/5.5-bug1104977, *on top* of revno 481, i.e. the bugfix is revno 482.

Since revno 481 (of 5.5, a completely unrelated change) hasn't been merged onto 5.6, we'll need to wait for the 5.5 tree upto at least revno 481 to me merged onto 5.6 in order to merge lp:~ignacio-nin/percona-server/5.5-bug1104977 onto 5.6.

N.

Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

In general case the fix would need to be rebased using the GCA script, but in this instance I think it's more trouble than worth it due to the GCA revision preceding correct fileids.

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1284

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-621

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.