lang/crystal's openssl integration is unable to work with OpenSSL providers that do not provide a pkg-config. Trigger: compile avalanchemq from https://reviews.freebsd.org/D31410 and see linker errors that look like the OpenSSL module is expecting an ancient OpenSSL API, not 1.1.1's. Debugging this with dch on IRC, I find this on FreeBSD 13.0: 1. Crystal's openssl modules, through /usr/local/lib/crystal/openssl/lib_ssl.cr, tries to derive the OpenSSL version like so: {% ssl_version = `hash pkg-config 2> /dev/null && pkg-config --silence-errors --modversion libssl || printf %s 0.0.0`.split.last.gsub(/[^0-9.]/, "") %} Now, FreeBSD's base OpenSSL does not provide the typical libssl.pc, libcrypto.pc or openssl.pc files, so this line comes up with version 0.0.0 as a fallback. This however causes the Crystal OpenSSL code to use an old OpenSSL API version which expects all sorts of outdated symbols from the libraries, which 1.1.1 no longer provides. I am unaware of the Crystal language, so I cannot provide a fix. Please patch Crystal in a way that it properly detects the OpenSSL version (1.1.1k as of 13.0-RELEASE) and uses the right API.
victim is project member, assign.
Created attachment 226992 [details] tail of poudriere failed log for net/avalanchemq
Comment on attachment 226992 [details] tail of poudriere failed log for net/avalanchemq Note that these symbols are the result of Crystal's lib_ssl/lib_crypto assuming an old OpenSSL API, because it's misdetecting the version. These symbols have been gone and renamed or replaced by different APIs on OpenSSL 1.1.0, and Crystal uses old interfaces. For instance, EVP_MD_CTX_create() is EVP_MD_CTX_new() in newer OpenSSL versions, SSLv23_method is TLS_method, and SSL_library_init() is gone. Crystal basically and generally knows to handle these, and replacing the first few lines of lib_crypto.cr by these {% begin %} lib LibCrypto OPENSSL_VERSION = "1.1.1" end {% end %} or the version detection macro set from line 7 to 24 in lib_ssl.cr (both .cr files in $PREFIX/lib/crystal/openssl/) by {% begin %} lib LibSSL LIBRESSL_VERSION = "0.0.0" OPENSSL_VERSION = "1.1.1" end {% end %} is good enough to compile something on FreeBSD 13.0.
See https://reviews.freebsd.org/D31435 for a reasonable attempt at patching this. I've manually checked that SSL_DEFAULT skips both patches and replacement, and waiting now on poudriere test run to see how that goes.
Greg - thoughts on accepting my patch? https://reviews.freebsd.org/D31435 Upstream isn't fixing it any time soon AFAICT.
(In reply to Dave Cottlehuber from comment #5) Oh, sorry, I forgot about this.. I'll retest tomorrow and approve. This is the only solution for existing FreeBSD releases. But I would like to also add the openssl pc files to base.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=30bb70e94e1bed9b4c2953b7be0e56ba7adc902b commit 30bb70e94e1bed9b4c2953b7be0e56ba7adc902b Author: Dave Cottlehuber <dch@FreeBSD.org> AuthorDate: 2022-03-25 17:14:19 +0000 Commit: Dave Cottlehuber <dch@FreeBSD.org> CommitDate: 2022-03-25 17:14:19 +0000 lang/crystal: fix broken base SSL usage crystal needs pkgconfig to determine precisely which SSL variant is present, and patch itself accordingly, but this is not present in FreeBSD base. Patch directly, what would have been provided by pkgconfig, for currently supported FreeBSD versions. PR: 257658 Approved by: greg@unrelenting.technology (maintainer) Differential Revision: https://reviews.freebsd.org/D31435 lang/crystal/Makefile | 21 +++++++++++++++- .../extra-patch-src_openssl_lib__crypto.cr (new) | 27 +++++++++++++++++++++ .../extra-patch-src_openssl_lib__ssl.cr (new) | 28 ++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-)