Uploaded image for project: 'MongoDB Shell'
  1. MongoDB Shell
  2. MONGOSH-1850

Show message to the users when shell fails to load due to OpenSSL configuration

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • 3
    • Developer Tools

      Amazon Linux 2023
      Is this a known issue?

      [ec2-user@ip-172-31-10-163 ~]$ mongosh
mongosh: OpenSSL configuration error:
40085B80997F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../deps/openssl/openssl/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes

      Created with Jira Integration+ for basit.chonka (basit.chonka@mongodb.com)

      Discussion captured from a Slack Channel - added by Integration+

      renato: Amazon Linux 2023
      Is this a known issue?

      [ec2-user@ip-172-31-10-163 ~]$ mongosh
mongosh: OpenSSL configuration error:
40085B80997F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../deps/openssl/openssl/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes

      Basit Chonka: hm, its not! we are running e2e tests against amazon 2023 and the ci seems ok there. i'll look into this.
      qq: what version of mongosh are you running (or trying to run)?
      renato: I just installed mongodb 7.0 ent from the official repo
      renato: i just deleted the vm and moved to ubuntu because I need to quickly do a test but I can retry in a bit
      matthew.thompson: Pretty sure it's a known issue, I've seen it myself
      matthew.thompson: https://www.mongodb.com/docs/mongodb-shell/install/#install-mongosh-1
      matthew.thompson: I think you need to install one of those openssl packages
      renato: ah thanks!
      renato: would be nice to have a more meaningful error suggesting what to do or giving a link
      Basit Chonka: thanks matthew.thompson. this does seem to be that. I am not sure if we already have a ticket for this (or has been discussed before), but if we don't i'll create follow up.
      matthew.thompson: basit.chonka@mongodb.com yeah, something more official would be helpful ... every time i ran into this error i'd google it and find a MongoDB Community forum post where someone gave the solution :slightly_smiling_face:
      Anna Henningsen: Yeah, if you search Slack for rh-allow-sha1-signatures you'll find a few instances as well :slightly_smiling_face:

      Underlying problem is that the default version of mongosh ships with a statically linked OpenSSL 3 version that's coming directly from Node.js, which doesn't understand this option that can be found in system OpenSSL configs (and mongosh is configured to ingest those configs). Using the dynamic/shared-OpenSSL versions of mongosh circumvents this issue.

      We could try to present the user with a better error message here, true. Feel free to open a ticket about that

            Assignee:
            Unassigned Unassigned
            Reporter:
            basit.chonka@mongodb.com Basit Chonka
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: