Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue building 0.11.x due to paho-mqtt-sys and underlying C library changes around OpenSSL methods #164

Open
nickpelone opened this issue Aug 24, 2022 · 2 comments

Comments

@nickpelone
Copy link

Hey there,

Thanks for having the Rust binding available.

I noticed when I bumped a project from using 0.9.1 to 0.11, I got this crazy-insane linker error when building on OpenBSD/LibreSSL, a platform I regularly use. For additional context, I normally build with the default feature set (no vendored OpenSSL or anything like that) without issue. The error:

error: linking with `cc` failed: exit status: 1                                                                                                                                                                                                                                   
  |                                                                                                                                                                                                                                                                               
  = note: "cc" "-m64" **tons of linker arguments removed**
  
    = note: ld: error: undefined symbol: SSL_CTX_set_security_level            
          >>> referenced by SSLSocket.c                                      
          >>>               SSLSocket.c.o:(SSLSocket_createContext) in archive /path/to/program/target/release/deps/libpaho_mqtt_sys-d433c093ff96f11c.rlib                                                                                                                            
          cc: error: linker command failed with exit code 1 (use -v to see invocation)                                                                     
                                                                                                                                                  

Digging into that line, we see that line

	SSL_CTX_set_security_level(net->ctx, 1);

was introduced here: eclipse-paho/paho.mqtt.c@a43528b
and appears in the tag for the 1.3.10 release, which it looks like the crate here began using in its first 0.11 release: https://github.com/eclipse/paho.mqtt.rust/blob/master/CHANGELOG.md#v0110---2021-04-16

Later on, it got gated with a version check: eclipse-paho/paho.mqtt.c@7baa11e

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
	SSL_CTX_set_security_level(net->ctx, 1);
#endif

but it doesn't seem to affect the issue.

What's weird, is that function has no bindings at all in openssl-sys: sfackler/rust-openssl#1380

so this should have popped out at some point, it feels like?
What's weirder still, is that this project in question still seems to build on Linux. So I have no idea how that's happening.

I understand this is a little odd, but thanks for any help or pointers you might be able to provide! In the meantime, I've pinned my dependency on paho-mqtt at 0.10 so I can continue building on OpenBSD.

@fpagliughi
Copy link
Contributor

Thanks for the report. Yes, it definitely builds on Linux... and Windows and Mac. I develop mostly on Linux, but do a quick build and test on those others before a release. But I don't have a machine with OpenBSD.

I'm not too familiar with a lot of the internals in the C lib, but maybe we should raise the issue over there to get a better idea. It sounds like the version check (conditional compilation) is the proper solution, but perhaps some type of platform check may be required is the versions are different.

@nickpelone
Copy link
Author

nickpelone commented Aug 30, 2022

Thanks for getting back to me! Sorry, busy weekend.

It sounds like the version check (conditional compilation) is the proper solution, but perhaps some type of platform check may be required is the versions are different.

This sounds good, some kind of conditional to not call this on LibreSSL since I think it outright doesn't exist. I'd halfway be curious as to its inclusion in that part of the C library in the first place.

I'll file an issue over there later today and reference here. Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants