Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 6.1.0-rc0
Affects Version/s: 6.0.0-rc1
Component/s: Field Level Encryption
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

https://gist.github.com/addaleax/c3bdcab028a42d1f32455a9436a1c298 (ran this on a suse12-small evg spawn host)

Show
https://gist.github.com/addaleax/c3bdcab028a42d1f32455a9436a1c298 (ran this on a suse12-small evg spawn host)
Sprint:
Security 2022-05-02, Security 2022-05-16

Initializing the csfle shared library fails on RHEL 7.6, SLES 12, and possibly others.

In a standalone binary that only loads the shared library, dlopen() fails with:

symbol SSL_CTX_get0_certificate, version OPENSSL_1.0.0 not defined in file libssl.so.1.0.0 with link time reference

In a Node.js process (where OpenSSL is statically linked in – tested with Node.js 14.19.1/OpenSSL 1.1.1n), lib_create() fails with:

csfle lib_create() failed: Global initialization failed :: caused by :: Can not set supported cipher suites with config string "HIGH:!EXPORT:!aNULL@STRENGTH": error:08064066:object identifier routines:OBJ_create:oid exists [Error 2, code 140]

This has some potential overlap with ~~SERVER-63703~~ in that removing uses of OpenSSL inside the shared library seems like a good potential fix.

is related to

SERVER-65902 csfle library: initialization segfaults on Amazon2 arm64

Closed

related to

SERVER-63703 csfle library: remove unnecessary libs

Closed

Assignee:: Sergey Galtsev (Inactive)

Reporter:: Anna Henningsen

Participants:: Anna Henningsen, Sergey Galtsev

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Apr 22 2022 03:03:56 PM UTC

Updated:: Oct 29 2023 09:39:08 PM UTC

Resolved:: May 04 2022 03:31:29 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates