-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: 6.0.0-rc1
-
Component/s: Field Level Encryption
-
None
-
Fully Compatible
-
ALL
-
-
Security 2022-05-02, Security 2022-05-16
Initializing the csfle shared library fails on RHEL 7.6, SLES 12, and possibly others.
In a standalone binary that only loads the shared library, dlopen() fails with:
symbol SSL_CTX_get0_certificate, version OPENSSL_1.0.0 not defined in file libssl.so.1.0.0 with link time reference
In a Node.js process (where OpenSSL is statically linked in – tested with Node.js 14.19.1/OpenSSL 1.1.1n), lib_create() fails with:
csfle lib_create() failed: Global initialization failed :: caused by :: Can not set supported cipher suites with config string "HIGH:!EXPORT:!aNULL@STRENGTH": error:08064066:object identifier routines:OBJ_create:oid exists [Error 2, code 140]
This has some potential overlap with SERVER-63703 in that removing uses of OpenSSL inside the shared library seems like a good potential fix.
- is related to
-
SERVER-65902 csfle library: initialization segfaults on Amazon2 arm64
- Closed
- related to
-
SERVER-63703 csfle library: remove unnecessary libs
- Closed