[package] librdkafka: openssl version range fails when only 1.1.1x versions in remote

[sourcedelica]

Description

The openssl requirement for librdkafka is

        if self.options.ssl:
            self.requires("openssl/[>=1.1 <4]")

If the remote you are using only has 1.1.1x versions (for example 1.1.1s) then installs of librdkafka with -o librdkafka:ssl=True fail with an error like:

ERROR: Version range '>=1.1 <4' from requirement 'openssl/[>=1.1 <4]' required by 'librdkafka/1.8.2@third-party/test' could not be resolved in remote 'conan-local-dev'

The underlying problem is

>>> from semver import max_satisfying
>>> max_satisfying(['1.1.1s'], '>=1.1 <4', loose=False)
Traceback (most recent call last):
...
ValueError: Invalid Version: 1.1.1s
>>> max_satisfying(['1.1.1s'], '>=1.1 <4', loose=True)
>>> max_satisfying(['3.1.0'], '>=1.1 <4', loose=True)
'3.1.0'

Package and Environment Details

• Package Name/Version: librdkafka
• Conan version: conan 1.60.1
• Python version: Python 3.7.4

Conan profile

[settings] arch=x86_64 arch_build=x86_64 build_type=Debug compiler=Visual Studio compiler.runtime=MDd compiler.version=16 os=Windows os_build=Windows [options] [build_requires] [env]

Steps to reproduce

conan install librdkafka/1.8.2@

Logs

Click to expand log

``` Exporting package recipe librdkafka/1.8.2@third-party/test exports: File 'conandata.yml' found. Exporting it... librdkafka/1.8.2@third-party/test exports: Copied 1 '.yml' file: conandata.yml librdkafka/1.8.2@third-party/test: Calling export_sources() librdkafka/1.8.2@third-party/test: A new conanfile.py version was exported librdkafka/1.8.2@third-party/test: Folder: C:\Users\EPederson\.conan\data\librdkafka\1.8.2\third-party\test\export librdkafka/1.8.2@third-party/test: Using the exported files summary hash as the recipe revision: 9aabc61797c5c022fb945bd6e220a6b8 librdkafka/1.8.2@third-party/test: Package recipe modified in export, forcing source folder removal librdkafka/1.8.2@third-party/test: Use the --keep-source, -k option to skip it librdkafka/1.8.2@third-party/test: Exported revision: 9aabc61797c5c022fb945bd6e220a6b8 Configuration: [settings] arch=x86_64 arch_build=x86_64 build_type=Debug compiler=Visual Studio compiler.runtime=MDd compiler.version=16 os=Windows os_build=Windows [options] librdkafka:shared=True librdkafka:ssl=True librdkafka:zlib=True [build_requires] [env] ERROR: Version range '>=1.1 <4' from requirement 'openssl/[>=1.1 <4]' required by 'librdkafka/1.8.2@third-party/test' could not be resolved in remote 'conan-local-dev' ```

[maksim-petukhov]

I also use openssl 1.1.1X and have the same issue with other packages that use version ranges for openssl (qt, for example). Maybe this is a conan client issue and should be fixed? @memsharded

[jcar87]

Hi @sourcedelica, @maksim-petukhov. This is a limitation of Conan 1.x, which cannot correctly "order" the precedence of 1.1.1s, 1.1.1t, etc - when using Conan 2.0, if only OpenSSL 1.x is in the remote, it should be resolved correctly.

Please note that the strong intention in Conan Center is to move towards using OpenSSl 3.0 or greater. The version range is used to avoid modifying recipes in the future and avoid hard version conflicts in Conan 2.0, however, if we had kept the previous approach, most recipes by now would be hardcoded to use OpenSSL 3.0 or greater.

Please be advised that the OpenSSL 1.1.1 is nearing its end-of-life this coming September: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/ - given that security patches will not be made publicly available after that date, and also considering how critical OpenSSL is from a security perspective, we would greatly discourage continued use of OpenSSL 1.1.1 beyond that date.

From what we have seen in Conan Center, the vast majority of recipes that depend on OpenSSL are perfectly compatible with versions in the 3.x series without any further changes - is this a viable option for you? Or alternatively, moving towards Conan 2.0.