Bug 257658 - lang/crystal: 1.1.1 fails to detect openssl version, breaking linking stage
Summary: lang/crystal: 1.1.1 fails to detect openssl version, breaking linking stage
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Dave Cottlehuber
URL: https://reviews.freebsd.org/D31435
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-06 14:08 UTC by Matthias Andree
Modified: 2022-05-11 11:26 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (val)


Attachments
tail of poudriere failed log for net/avalanchemq (5.17 KB, text/plain)
2021-08-06 15:32 UTC, Dave Cottlehuber
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Andree freebsd_committer freebsd_triage 2021-08-06 14:08:15 UTC
lang/crystal's openssl integration is unable to work with OpenSSL providers that do not provide a pkg-config.

Trigger:
compile avalanchemq from https://reviews.freebsd.org/D31410 and see linker errors that look like the OpenSSL module is expecting an ancient OpenSSL API, not 1.1.1's.

Debugging this with dch on IRC, I find this on FreeBSD 13.0:

1. Crystal's openssl modules, through /usr/local/lib/crystal/openssl/lib_ssl.cr, tries to derive the OpenSSL version like so:
    {% ssl_version = `hash pkg-config 2> /dev/null && pkg-config --silence-errors --modversion libssl || printf %s 0.0.0`.split.last.gsub(/[^0-9.]/, "") %}

Now, FreeBSD's base OpenSSL does not provide the typical libssl.pc, libcrypto.pc or openssl.pc files, so this line comes up with version 0.0.0 as a fallback.

This however causes the Crystal OpenSSL code to use an old OpenSSL API version which expects all sorts of outdated symbols from the libraries, which 1.1.1 no longer provides.

I am unaware of the Crystal language, so I cannot provide a fix.

Please patch Crystal in a way that it properly detects the OpenSSL version (1.1.1k as of 13.0-RELEASE) and uses the right API.
Comment 1 Matthias Andree freebsd_committer freebsd_triage 2021-08-06 14:23:32 UTC
victim is project member, assign.
Comment 2 Dave Cottlehuber freebsd_committer freebsd_triage 2021-08-06 15:32:56 UTC
Created attachment 226992 [details]
tail of poudriere failed log for net/avalanchemq
Comment 3 Matthias Andree freebsd_committer freebsd_triage 2021-08-06 15:38:51 UTC
Comment on attachment 226992 [details]
tail of poudriere failed log for net/avalanchemq

Note that these symbols are the result of Crystal's lib_ssl/lib_crypto assuming an old OpenSSL API, because it's misdetecting the version.  These symbols have been gone and renamed or replaced by different APIs on OpenSSL 1.1.0, and Crystal uses old interfaces. For instance, EVP_MD_CTX_create() is EVP_MD_CTX_new() in newer OpenSSL versions, SSLv23_method is TLS_method, and SSL_library_init() is gone.

Crystal basically and generally knows to handle these, and replacing the first few lines of lib_crypto.cr by these

{% begin %}
  lib LibCrypto
      OPENSSL_VERSION = "1.1.1"
  end
{% end %}

or the version detection macro set from line 7 to 24 in lib_ssl.cr (both .cr files in $PREFIX/lib/crystal/openssl/) by

{% begin %}
  lib LibSSL
      LIBRESSL_VERSION = "0.0.0"
      OPENSSL_VERSION = "1.1.1"
  end
{% end %}

is good enough to compile something on FreeBSD 13.0.
Comment 4 Dave Cottlehuber freebsd_committer freebsd_triage 2021-08-08 15:43:18 UTC
See https://reviews.freebsd.org/D31435 for a reasonable attempt at patching this.
I've manually checked that SSL_DEFAULT skips both patches and replacement, and
waiting now on poudriere test run to see how that goes.
Comment 5 Dave Cottlehuber freebsd_committer freebsd_triage 2022-02-23 08:17:28 UTC
Greg - thoughts on accepting my patch?

https://reviews.freebsd.org/D31435

Upstream isn't fixing it any time soon AFAICT.
Comment 6 Val Packett 2022-02-24 00:59:09 UTC
(In reply to Dave Cottlehuber from comment #5)

Oh, sorry, I forgot about this..

I'll retest tomorrow and approve.
This is the only solution for existing FreeBSD releases.
But I would like to also add the openssl pc files to base.
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-03-25 17:15:06 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=30bb70e94e1bed9b4c2953b7be0e56ba7adc902b

commit 30bb70e94e1bed9b4c2953b7be0e56ba7adc902b
Author:     Dave Cottlehuber <dch@FreeBSD.org>
AuthorDate: 2022-03-25 17:14:19 +0000
Commit:     Dave Cottlehuber <dch@FreeBSD.org>
CommitDate: 2022-03-25 17:14:19 +0000

    lang/crystal: fix broken base SSL usage

    crystal needs pkgconfig to determine precisely which SSL variant is
    present, and patch itself accordingly, but this is not present in
    FreeBSD base. Patch directly, what would have been provided by
    pkgconfig, for currently supported FreeBSD versions.

    PR:          257658
    Approved by: greg@unrelenting.technology (maintainer)
    Differential Revision: https://reviews.freebsd.org/D31435

 lang/crystal/Makefile                              | 21 +++++++++++++++-
 .../extra-patch-src_openssl_lib__crypto.cr (new)   | 27 +++++++++++++++++++++
 .../extra-patch-src_openssl_lib__ssl.cr (new)      | 28 ++++++++++++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)