Building Driver Binaries for use with OpenSSL 1.1.1

[Yuval Shteinitz]

Hello,

I am attempting to build the C++ driver to run on an Ubuntu machine with OpenSSL 1.1.1. I am not allowed to statically link against any other version of OpenSSL.

The binary downloads from https://downloads.datastax.com/cpp-driver/ubuntu/ meet my needs -- if you examine them with `nm`, you can see that they differ, as SSL_library_init() was removed from newer versions of OpenSSL:

Ubuntu 18.04:

vagrant@ubuntu-bionic:/vagrant$ nm /usr/lib/x86_64-linux-gnu/libcassandra_static.a | grep 'SSL_library_init\|OPENSSL_init_ssl'

                 U OPENSSL_init_ssl

Ubuntu 16.04:

vagrant@ubuntu-xenial:/vagrant/src/cass$ nm /usr/lib/x86_64-linux-gnu/libcassandra_static.a | grep 'SSL_library_init\|OPENSSL_init_ssl'

                 U SSL_library_init

Unfortunately, I have been unable to figure out how to build the Ubuntu 18.04 version from the source code on https://github.com/datastax/cpp-driver/. It looks like the code there is hard-coded to make the OpenSSL 1.0.2 calls (SSL_library_init()), not the OpenSSL 1.1.1. calls (OPENSSL_init_ssl()) -- see, for example, the OpenSslContextFactory::internal_init() method in https://github.com/datastax/cpp-driver/blob/master/src/ssl/ssl_openssl_impl.cpp#L623. 

Is there some branch I'm missing where this functionality is available? Some magic cmake parameter I'm missing? or is this ability still not available in the open source version?

Thanks!

Yuval

[Fero]

Hello Yuval,

The C/C++ driver builds against either OpenSSL v1.0.x or v1.1.x. The latest Ubuntu 18.04 LTS is using OpenSSL v1.1.1 as you mentioned and does not have any known build issues when using the system installed packages.

Here is a small script I used to execute a build of the C/C++ driver using the master branch for the static library only:

#!/bin/bash

pkg-config libssl --modversion

git clone https://github.com/datastax/cpp-driver.git

mkdir cpp-driver/build

(

  cd cpp-driver/build

  cmake -DCASS_BUILD_SHARED=Off -DCASS_BUILD_STATIC=On ..

  make -j$(nproc)

)

As far as the SSL_library_init() call it has been deprecated since OpenSSL v1.1.0; however, it is still present in the current release of OpenSSL v1.1.1, see https://www.openssl.org/docs/man1.1.1/man3/SSL_library_init.html. The newer method OpenSSL_add_ssl_algorithms should be and is called in our OpenSSL implementation for the C/C++ driver. Since we no longer support OpenSSL < v1.0.0 so it will be safe to remove this method call from the code base; you can follow this issue in CPP-911. Regardless of this new ticket to remove the method call you shouldn't have any issues building the driver from master as described above.

~Fero

[Yuval Shteinitz]

Thank you, Fero. It turns out my issue was due to the following:

1. I was building on Ubuntu 16.04, and attempting to link against a set of OpenSSL 1.1.1 libraries in my build directory, which was obviously different from the platform's OpenSSL 1.0.2 libraries.
2. To achieve that, I specified the Cassandra cpp-driver OPENSSL_ROOT_DIR parameter, like so:
   
   -DOPENSSL_ROOT_DIR=${CMAKE_PREFIX_PATH}/lib
3. Turns out this was insufficient: I also had to provide the following parameter:
   
   -DOPENSSL_INCLUDE_DIR=${CMAKE_PREFIX_PATH}/include

Once I provided the OPENSSL_INCLUDE_DIR parameter, the resulting libcassandra_static.a finally referenced the OpenSSL 1.1.1 symbols:

$ nm ./build/third_party/lib/libcassandra_static.a | grep 'SSL_library_init\|OPENSSL_init_ssl'
                 U OPENSSL_init_ssl

Thanks for your response, it made it clear that the issue was on my end. Appreciate your time!

Yuval