Support for openssl3.x

[大久保翔平]

Hello Team.
Nice to meet you, this is Shohei Okubo.

Could you please answer following question?

 [Question]
* Do you have any plans to release C++ Driver for Apache Cassandra to support OpenSSL 3.x?

 

[Background]
* We are using an application called TestRail, which requires Apache Cassandra and C++ Driver for Apache Cassandra during its installation.
* We are currently considering upgrading our environment to ubuntu22.04, but ubuntu22.04 supports OpenSSL 3.x as default and does not support 1.x.
* We know that we can avoid this problem with installing the 1.x manually, but we would like to use the 3.x if possible because 1.x EOL is coming soon.

Sincerely,
Shohei Okubo.

[Bret McGuire]

   Thanks for the question Shohei!  We don't have any current plans to migrate to OpenSSL 3.x but it's definitely something we should explore.  I've opened CPP-984 to take a deeper look at what such a migration would entail.  If you have any comments or additional info I'd certainly encourage you to add them to that ticket.

   Thanks again!

 - Bret -

[大久保翔平]

Hi Bret-san

Thank you for your response and ticket creation.

Sorry, my question was bad.
I was aware that OpenSSl3 series support = libssl3 series support.
Is it correct that the support for libssl3 series corresponds to the following in cpp driver 2.17?
> https://github.com/datastax/cpp-driver/pull/528

Sincerely,
Shohei Okubo.

2023年8月10日木曜日 2:01:35 UTC+9 Bret McGuire:

[Bret McGuire]

   I'm afraid the PR you reference aims to add support for newer versions LibreSSL, a cryptography/TLS implementation which is an alternative to OpenSSL.  LibreSSL was forked from OpenSSL 1.0.1g (although it's since diverged significantly) and has no support for the OpenSSL 3 API.  So this PR is not related to supporting OpenSSL 3.x within the Cassandra driver; for that you'd need to follow the newly-created JIRA ticket.

   Thanks again!

   - Bret -

[大久保翔平]

Hi Bret-san

Thank you for your response.
I understand that you are not supporting OpenSSL3 series, but the new version of LibreSSL.

Sincerely,
Shohei Okubo.

2023年8月15日火曜日 14:48:50 UTC+9 Bret McGuire:

[大久保翔平]

Hi Bret-san

Sorry, I have an additional question.

The documentation in the following link states that you can use the default installed packages in ubuntu.
> https://github.com/datastax/cpp-driver/tree/master/topics#dependencies
OpenSSL3 (libssl3) is used by default in ubuntu 22.04.
Am I correct in understanding that the package libssl that cpp-driver2.17 depends on is libssl3, but does not actually support OpenSSL3?

===============================================================
root@ip-172-16-11-49:~# dpkg -l | grep cpp-driver
ii  cassandra-cpp-driver               2.17.0-1                                amd64        C/C++ client driver for Apache Cassandra and DataStax Products - runtime library

root@ip-172-16-11-49:~# apt-cache depends cassandra-cpp-driver
cassandra-cpp-driver
  PreDepends: libc6
  Depends: libc6
  Depends: libgcc-s1
  Depends: libssl3
  Depends: libstdc++6
  Depends: libuv1
  Depends: zlib1g

root@ip-172-16-11-49:~# dpkg -l | grep libssl3
ii  libssl3:amd64                      3.0.2-0ubuntu1.10                       amd64        Secure Sockets Layer toolkit - shared libraries

root@ip-172-16-11-49:~# dpkg -l | grep -i openssl
ii  libcurl4:amd64                     7.81.0-1ubuntu1.13                      amd64        easy-to-use client-side URL transfer library (OpenSSL flavour)
ii  libssh-4:amd64                     0.9.6-2ubuntu0.22.04.1                  amd64        tiny C SSH library (OpenSSL flavor)
ii  libxmlsec1-openssl:amd64           1.2.33-1build2                          amd64        Openssl engine for the XML security library
ii  openssl                            3.0.2-0ubuntu1.10                       amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  python3-openssl                    21.0.0-1                                all          Python 3 wrapper around the OpenSSL library
ii  python3-service-identity           18.1.0-6                                all          Service identity verification for pyOpenSSL (Python 3 module)
ii  ssl-cert                           1.1.2                                   all          simple debconf wrapper for OpenSSL
===============================================================

Sincerely,
Shohei Okubo.

2023年8月17日木曜日 9:49:36 UTC+9 大久保翔平:

[Bret McGuire]

   You're exactly right, Shohei!  Ubuntu 22.04 is moving to OpenSSL 3.x and we do not currently support that version of OpenSSL in the Cassandra driver.  I've filed CPP-990 to clarify the language around dependencies so that we account for this.

   Thanks for bringing this to our attention!

  - Bret -

[大久保翔平]

Hi Bret-san

Thank you very much for your response!
I will continue to confirm the CPP-990 as presented.
Thank you for taking time out of your very busy schedule to respond.

Sincerely,
Shohei Okubo.

2023年9月19日火曜日 4:47:15 UTC+9 Bret McGuire:

[Bret McGuire]

   Happy to help Shohei!

   For the record, while looking into this issue for CPP-990 it became clear that we're already testing against OpenSSL 3.x on two of our test platforms (Ubuntu 22.04 "Jammy" and Rocky Linux 9) and in each case our test suite passes without problems.  As a result we're changing our documentation to indicate that OpenSSL 3.x should work fine with the C++ driver.  The actual change in documentation is being implemented in the PR for CPP-990.

   So I would expect that you could use OpenSSL 3.x without any major problems.

   - Bret -