LibreSSL compatibility?

[pgroce]

I don't know if this counts as a bug or a feature request; you be the judge. Also, I apologize for my lack of facility with R; my current role is as a systems integrator, not an end-user.

I'm trying to build openssl on an Alpine Linux system. (As part of producing a Docker image, FWIW.) openssl is one of the dependency packages for an R package I want to install. Alpine recently changed its default OpenSSL API provider from OpenSSL to LibreSSL. This seems to be causing problems when loading your package.

I'm attaching the output of install.packages(... keep_outputs=TRUE), but the crux of the problem seems to be:

Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/usr/lib/R/library/openssl/libs/openssl.so':
  Error relocating /usr/lib/R/library/openssl/libs/openssl.so: RSA_get0_crt_params: symbol not found

(The build output complains about other *_get0_* functions, which I haven't investigated. Being unfamiliar with the codebase, they might be problems, too.)

Looking at the OpenSSL and LibreSSL source code, it seems that RSA_get0_crt_params is, indeed, not present in the LibreSSL codebase. LibreSSL is known to have tried to improve OpenSSL's security by removing code whose risk is deemed to exceed its usefulness; I suspect RSA_get0_crt_params and friends are casualties of that.

First, do you think I'm correct in concluding that your package isn't compatible with LibreSSL? My apologies if I'm misdiagnosing my problem.

Assuming I'm correct, have you thought about supporting LibreSSL (or at least looking into it if you haven't)? From a cursory understanding derived from researching this problem, "LibreSSL support" mostly seems to mean

#ifndef LIBRESSL_VERSION_NUMBER 
<do unsupported openssl thing> 
#else 
<complain and error out>
#endif

Most of the things LibreSSL has disabled are problematic anyway (e.g. SSLv3). Here's an example of a project working with both libraries that I came across.

I'm going to continue trying to work around the problem, but I thought I would bring it to your attention. Thanks for your work on this package.

[jeroen]

Fixed @ https://github.com/jeroenooms/openssl/commit/0f3aa39064811cb1d36a34e51924f3cb3e43eee1. Thanks!

[jeroen]

The new version is now on CRAN. Can you confirm that it works now?

install.packages("openssl")

[pgroce]

I'm very sorry for the late response, but I haven't been able to get this back on my priority list for a while. I can confirm that the openssl package builds and installs successfully against libressl.

Alas, I don't think using libressl in R is as easy as just modifying this library; git2r also appears to depend on C-level openssl, and expects symbols to exist that don't seem to in libressl. Time to file another bug elsewhere, I suppose. :)

Notwithstanding that, I think this bug can be closed. If I run into any bad behavior directly related to this package, I'll let you know.

phil

On Tue, Jan 3, 2017 at 9:00 AM, Jeroen Ooms notifications@github.com wrote:

The new version is now on CRAN. Can you confirm that it works now?

install.packages("openssl")

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/jeroenooms/openssl/issues/37#issuecomment-270119839, or mute the thread https://github.com/notifications/unsubscribe-auth/ADXu6PYS0JlrfQSi6dxKmw-_uKpg8jVeks5rOlSBgaJpZM4LXVeO .