Bug 257658 - lang/crystal: 1.1.1 fails to detect openssl version, breaking linking stage
Summary: lang/crystal: 1.1.1 fails to detect openssl version, breaking linking stage
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Dave Cottlehuber
URL: https://reviews.freebsd.org/D31435
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-06 14:08 UTC by Matthias Andree
Modified: 2021-08-08 15:43 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (greg)


Attachments
tail of poudriere failed log for net/avalanchemq (5.17 KB, text/plain)
2021-08-06 15:32 UTC, Dave Cottlehuber
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Andree freebsd_committer 2021-08-06 14:08:15 UTC
lang/crystal's openssl integration is unable to work with OpenSSL providers that do not provide a pkg-config.

Trigger:
compile avalanchemq from https://reviews.freebsd.org/D31410 and see linker errors that look like the OpenSSL module is expecting an ancient OpenSSL API, not 1.1.1's.

Debugging this with dch on IRC, I find this on FreeBSD 13.0:

1. Crystal's openssl modules, through /usr/local/lib/crystal/openssl/lib_ssl.cr, tries to derive the OpenSSL version like so:
    {% ssl_version = `hash pkg-config 2> /dev/null && pkg-config --silence-errors --modversion libssl || printf %s 0.0.0`.split.last.gsub(/[^0-9.]/, "") %}

Now, FreeBSD's base OpenSSL does not provide the typical libssl.pc, libcrypto.pc or openssl.pc files, so this line comes up with version 0.0.0 as a fallback.

This however causes the Crystal OpenSSL code to use an old OpenSSL API version which expects all sorts of outdated symbols from the libraries, which 1.1.1 no longer provides.

I am unaware of the Crystal language, so I cannot provide a fix.

Please patch Crystal in a way that it properly detects the OpenSSL version (1.1.1k as of 13.0-RELEASE) and uses the right API.
Comment 1 Matthias Andree freebsd_committer 2021-08-06 14:23:32 UTC
victim is project member, assign.
Comment 2 Dave Cottlehuber freebsd_committer 2021-08-06 15:32:56 UTC
Created attachment 226992 [details]
tail of poudriere failed log for net/avalanchemq
Comment 3 Matthias Andree freebsd_committer 2021-08-06 15:38:51 UTC
Comment on attachment 226992 [details]
tail of poudriere failed log for net/avalanchemq

Note that these symbols are the result of Crystal's lib_ssl/lib_crypto assuming an old OpenSSL API, because it's misdetecting the version.  These symbols have been gone and renamed or replaced by different APIs on OpenSSL 1.1.0, and Crystal uses old interfaces. For instance, EVP_MD_CTX_create() is EVP_MD_CTX_new() in newer OpenSSL versions, SSLv23_method is TLS_method, and SSL_library_init() is gone.

Crystal basically and generally knows to handle these, and replacing the first few lines of lib_crypto.cr by these

{% begin %}
  lib LibCrypto
      OPENSSL_VERSION = "1.1.1"
  end
{% end %}

or the version detection macro set from line 7 to 24 in lib_ssl.cr (both .cr files in $PREFIX/lib/crystal/openssl/) by

{% begin %}
  lib LibSSL
      LIBRESSL_VERSION = "0.0.0"
      OPENSSL_VERSION = "1.1.1"
  end
{% end %}

is good enough to compile something on FreeBSD 13.0.
Comment 4 Dave Cottlehuber freebsd_committer 2021-08-08 15:43:18 UTC
See https://reviews.freebsd.org/D31435 for a reasonable attempt at patching this.
I've manually checked that SSL_DEFAULT skips both patches and replacement, and
waiting now on poudriere test run to see how that goes.