Project

General

Profile

Bug #11239

civetweb defaults to libssl.so and libcrypto.so when versions not passed

Added by Mark Nelson almost 2 years ago. Updated about 1 month ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
Target version:
-
Start date:
03/26/2015
Due date:
% Done:

0%

Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Needs Doc:
No

Description

Hit this on our performance test box when attempting to test civetweb with SSL using fedora20 packages of hammer from gitbuilder.

[nhm@burnupiX log]$ ceph --version
ceph version 0.93-186-g836fdc5 (836fdc512dcae6724c72e52cb84ee2a364f0d261)

RGW section from ceph.conf:

[client.radosgw.gateway]
        host = burnupiX
        rgw frontends = civetweb port=443s ssl_certificate=/home/nhm/tmp/server.pem
        keyring = /tmp/cbt/ceph/keyring 
        rgw socket path = /tmp/cbt/ceph/radosgw.sock
        log file = /tmp/cbt/ceph/radosgw.log
        debug rgw = 0
        admin socket = /tmp/cbt/ceph/radosgw.asok

2015-03-25 18:29:43.536944 7fdbb7ba5940  0 starting handler: civetweb
2015-03-25 18:29:43.537221 7fdbb7ba5940  0 civetweb: 0xa8d820: load_dll: cannot load libssl.so
2015-03-25 18:29:43.537319 7fdbb7ba5940  0 civetweb: 0xa8d820: load_dll: cannot load libcrypto.so

From civetweb.c:

#if !defined(SSL_LIB)
#define SSL_LIB "libssl.so" 
#endif
#if !defined(CRYPTO_LIB)
#define CRYPTO_LIB "libcrypto.so" 
#endif

https://github.com/sunsetbrew/civetweb/blob/master/src/civetweb.c#L296

Normally these are passed via the makefile:
https://github.com/sunsetbrew/civetweb/blob/master/Makefile#L157-L158


Related issues

Copied to Backport #19003: jewel: civetweb defaults to libssl.so and libcrypto.so when versions not passed In Progress

History

#1 Updated by Tim Serong over 1 year ago

Also it seems the config file parser whines about the trailing 's' on the port number:

Aug 24 20:39:15 d52-54-00-49-17-2a radosgw[25748]: error parsing int: 443s: strict_strtoll: garbage at end of string. got: '443s'

#2 Updated by Tim Serong over 1 year ago

It should work if you create a couple of symlinks:

  # ln -s /lib64/libssl.so.1.0.0 /usr/lib64/libssl.so
  # ln -s /lib64/libcrypto.so.1.0.0 /usr/lib64/libcrypto.so

Also, turns out the strict_strtoll error is purely cosmetic, i.e. it doesn't actually break anything (and, indeed, the 's' is necessary to enable SSL).

The libssl.so and libcrypto.so symlinks will be present if the openssl devel package is installed, BTW, but I'm guessing requiring this is undesirable.

#3 Updated by Jiang Yu over 1 year ago

How do I configure civetweb use https?Will this problem has been solved yet?

#4 Updated by Karol Mroz over 1 year ago

  • Regression set to No

Jiang Yu wrote:

How do I configure civetweb use https?Will this problem has been solved yet?

Have a look here: http://tracker.ceph.com/issues/13523#note-1

#5 Updated by Russell Islam 8 months ago

Any idea on the flowing bug?
[root@ceph-us-west tls]# radosgw-admin realm pull --url=https://ceph-us-east-1:443 --access-key=$SYSTEM_ACCESS_KEY --secret=$SYSTEM_SECRET_KEY
request failed: (22) Invalid argument
2016-07-11 15:35:30.360412 7fc7a20099c0 0 curl_easy_perform returned error: Peer's certificate issuer has been marked as not trusted by the user.

#6 Updated by Yehuda Sadeh 8 months ago

  • Assignee set to Marcus Watts

#7 Updated by Kefu Chai 8 months ago

  • Status changed from New to Need Review

#8 Updated by Nathan Cutler 8 months ago

  • Backport set to jewel

#9 Updated by Nathan Cutler 8 months ago

  • Backport deleted (jewel)

Ah, never mind.

#10 Updated by Marcus Watts 5 months ago

  • Needs Doc set to No

I've got an updated PR #11571 that contains "load by soname" and documentation from 10335. It will still complain about parsing 443s.

#11 Updated by Marcus Watts 5 months ago

I've updated https://github.com/ceph/ceph/pull/11571
It now needs to be applied after https://github.com/ceph/civetweb/pull/14 which contains a necessary change to civetweb.
This version of the fix will not complain about 443s, and will allow multiple ports, such as "80+443s" or "8000+8443s" or etc. It also works with s3 v4 and with swift preauth.

#12 Updated by Marcus Watts 5 months ago

I've got yet another version of the ssl patch: these PRs: https://github.com/ceph/ceph/pull/11776 https://github.com/ceph/civetweb/pull/15 . It's updated to use civetweb 1.8. Should be otherwise functionally the same.

#13 Updated by Loic Dachary about 1 month ago

  • Status changed from Need Review to Pending Backport
  • Backport set to jewel

#14 Updated by Loic Dachary about 1 month ago

  • Copied to Backport #19003: jewel: civetweb defaults to libssl.so and libcrypto.so when versions not passed added

Also available in: Atom PDF