Bug 224320 - net-im/ejabberd: Does not start when built against LibreSSL
Summary: net-im/ejabberd: Does not start when built against LibreSSL
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ashish SHUKLA
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-13 09:57 UTC by Romain Tartière
Modified: 2017-12-26 21:31 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ashish)


Attachments
Update diff to 17.11 (60.50 KB, patch)
2017-12-21 18:17 UTC, Ashish SHUKLA
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Romain Tartière freebsd_committer 2017-12-13 09:57:12 UTC
Hi

I have a setup where ejabberd runs with TLS and authenticate users to LDAP over TLS too.  When switching from security/openssl to security/libressl, the server build fine but does not start:

--------------------------8<--------------------------
2017-12-13 09:59:57.769 [info] <0.14018.0> Application ssl started on node ejabberd@localhost
2017-12-13 09:59:57.788 [info] <0.14018.0> Application p1_utils started on node ejabberd@localhost
2017-12-13 09:59:57.820 [info] <0.14018.0> Application fast_yaml started on node ejabberd@localhost
2017-12-13 09:59:57.842 [error] <0.14129.0>@erl_ddll:format_error:239 CRASH REPORT Process <0.14129.0> with 0 neighbours exited with reason: bad argument in call to erl_ddll:format_error_int({load_failed,"Failed to load NIF library: '/usr/local/lib/erlang/lib/ejabberd-17.09/lib/fast_tls..."}) in erl_ddll:format_error/1 line 239
2017-12-13 09:59:57.843 [error] <0.14128.0>@erl_ddll:format_error:239 Supervisor fast_tls_sup had child fast_tls started with fast_tls:start_link() at undefined exit with reason bad argument in call to erl_ddll:format_error_int({load_failed,"Failed to load NIF library: '/usr/local/lib/erlang/lib/ejabberd-17.09/lib/fast_tls..."}) in erl_ddll:format_error/1 line 239 in context start_error
2017-12-13 09:59:57.843 [error] <0.14126.0> CRASH REPORT Process <0.14126.0> with 0 neighbours exited with reason: {{shutdown,{failed_to_start_child,fast_tls,{badarg,[{erl_ddll,format_error_int,[{load_failed,"Failed to load NIF library: '/usr/local/lib/erlang/lib/ejabberd-17.09/lib/fast_tls-1.0.16/priv/lib/fast_tls.so: Undefined symbol \"OPENSSL_cleanup\"'"}],[]},{erl_ddll,format_error,1,[{file,"erl_ddll.erl"},{line,239}]},{fast_tls,load_nif,1,[{file,"src/fast_tls.erl"},{line,444}]},{fast_tls,init,1,[{file,"src/fast_tls.erl"},{line,89}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,328}]},{proc_lib,...}]}}},...} in application_master:init/4 line 134
2017-12-13 09:59:57.844 [critical] <0.14049.0>@ejabberd:exit_or_halt:131 failed to start application 'fast_tls': {error,
                                         {{shutdown,
                                           {failed_to_start_child,fast_tls,
                                            {badarg,
                                             [{erl_ddll,format_error_int,
                                               [{load_failed,
                                                 "Failed to load NIF library: '/usr/local/lib/erlang/lib/ejabberd-17.09/lib/fast_tls-1.0.16/priv/lib/fast_tls.so: Undefined symbol \"OPENSSL_cleanup\"'"}],
                                               []},
                                              {erl_ddll,format_error,1,
                                               [{file,"erl_ddll.erl"},
                                                {line,239}]},
                                              {fast_tls,load_nif,1,
                                               [{file,"src/fast_tls.erl"},
                                                {line,444}]},
                                              {fast_tls,init,1,
                                               [{file,"src/fast_tls.erl"},
                                                {line,89}]},
                                              {gen_server,init_it,6,
                                               [{file,"gen_server.erl"},
                                                {line,328}]},
                                              {proc_lib,init_p_do_apply,3,
                                               [{file,"proc_lib.erl"},
                                                {line,247}]}]}}},
                                          {fast_tls_app,start,[normal,[]]}}}
2017-12-13 09:59:57.844 [info] <0.14018.0> Application fast_tls exited with reason: {{shutdown,{failed_to_start_child,fast_tls,{badarg,[{erl_ddll,format_error_int,[{load_failed,"Failed to load NIF library: '/usr/local/lib/erlang/lib/ejabberd-17.09/lib/fast_tls-1.0.16/priv/lib/fast_tls.so: Undefined symbol \"OPENSSL_cleanup\"'"}],[]},{erl_ddll,format_error,1,[{file,"erl_ddll.erl"},{line,239}]},{fast_tls,load_nif,1,[{file,"src/fast_tls.erl"},{line,444}]},{fast_tls,init,1,[{file,"src/fast_tls.erl"},{line,89}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,328}]},{proc_lib,...}]}}},...}
--------------------------8<--------------------------

I tried different versions of the fast_tls dependency and got the following results:

1.0.17 - Does not start (Undefined symbol "OPENSSL_cleanup")
1.0.16 - Does not start (Undefined symbol "OPENSSL_cleanup") (version currently packaged)
1.0.15 - Does not start (Undefined symbol "OPENSSL_cleanup")
1.0.14 - Does not start (Undefined symbol "OPENSSL_cleanup")
1.0.13 - Does not start (Undefined symbol "OPENSSL_cleanup")
1.0.12 - OK
1.0.11 - OK
1.0.10 - OK
1.0.9 - OK
1.0.8 - Not tested (Not supported according to CHANGELOG)

Can you please consider repackaging ejabberd dependencies with an older version of fast_tls while a fix is being worked on?
Comment 1 Romain Tartière freebsd_committer 2017-12-13 10:14:32 UTC
D'oh, a fix was committed a few days ago:
https://github.com/processone/fast_tls/commit/a2b2154d11280becbf3077e62f7b5621d52b54fd

There was no release including this fix yet, but I am currently running on top of master and everything looks fine!
Comment 2 Ashish SHUKLA freebsd_committer 2017-12-14 18:30:38 UTC
(In reply to Romain Tartière from comment #1)

Let me try updating ejabberd to 17.11 including that fast_tls diff.

Thanks for letting me know.
Comment 3 Ashish SHUKLA freebsd_committer 2017-12-21 18:17:15 UTC
Created attachment 189012 [details]
Update diff to 17.11

- Update to 17.11
- Add a diff from master to make it work with LibreSSL
- Add a diff from master to fix a bug in ejabberd_pix module
- Fix kqueue implementation in fs dependency module (need to be pushed upstream)
Comment 4 Ashish SHUKLA freebsd_committer 2017-12-21 18:21:06 UTC
(In reply to Romain Tartière from comment #1)

Hi,

Could you try the diff in attachment 189012 [details] to see if it works for you ? Also, if you can provide feedback with their LE support[1], that will be great.

I'm traveling, and will commit it around December 27, or so.

[1] https://github.com/processone/ejabberd/pull/1959

Thanks!
Comment 5 Romain Tartière freebsd_committer 2017-12-22 20:15:40 UTC
Hi!

I have just recompiled all my ports with an up-to-date ports tree and your patch and updated everything.  It looks like ejabberd is performing well :-)

- Users can authenticate against the LDAP server;
- Users can communicate with each other.

So for me, everything is fine, thanks!


Regarding your request concerning Let's Encrypt support, I do not currently use this.  Have you something specific in mind in respect to this?
Comment 6 Ashish SHUKLA freebsd_committer 2017-12-23 15:37:08 UTC
(In reply to Romain Tartière from comment #5)

For some reason, I thought you use it. If you don't use it, or don't have a use-case, then no worries.

Thank you for the confirmation. I'll commit it, when I get back.
Comment 7 Romain Tartière freebsd_committer 2017-12-25 11:33:09 UTC
Oh, okay :-)

I didn't know about this let's encrypt module module, and it would definitively make sense in my setup, so be assured I will have a look at this in at some point in the future (after new year holiday).  Thank you for the pointer!
Comment 8 commit-hook freebsd_committer 2017-12-26 21:29:26 UTC
A commit references this bug:

Author: ashish
Date: Tue Dec 26 21:28:37 UTC 2017
New revision: 457315
URL: https://svnweb.freebsd.org/changeset/ports/457315

Log:
  - Update to 17.11
  - Add a fix from upstream to make it work with LibreSSL[1]
  - Add a bug fix from upstream w.r.t. ejabberd_pix module
  - Add a fix for kqueue implementation in 'fs' dependency module
  - Remove FreeBSD sed workaround

  PR:		224320 [1]
  Submitted by:	romain [1]

Changes:
  head/net-im/ejabberd/Makefile
  head/net-im/ejabberd/distinfo
  head/net-im/ejabberd/files/patch-Makefile.in
  head/net-im/ejabberd/files/patch-deps_fast__tls_c__src_fast__tls.c
  head/net-im/ejabberd/files/patch-deps_fs_c__src_bsd_main.c
  head/net-im/ejabberd/files/patch-deps_fs_src_sys_kqueue.erl
  head/net-im/ejabberd/files/patch-ejabberdctl.template
  head/net-im/ejabberd/files/patch-src_ejabberd__pkix.erl
  head/net-im/ejabberd/files/pkg-install.in
  head/net-im/ejabberd/pkg-plist
Comment 9 Ashish SHUKLA freebsd_committer 2017-12-26 21:31:01 UTC
(In reply to Romain Tartière from comment #7)

I have tested it with one of my domain names, and it seems to work as expected (at least initial certificate procurement part).

Also thanks, committed the update.