Open yaakov-h opened 10 months ago
libgit2 already supports OpenSSL 3, and we test against Ubuntu 22.04 in the LibGit2Sharp repo, and everything works fine. I've also done some extra manual testing recently, and haven't been able to reproduce the problem you're describing.
Ran into the same issue with .NET8 Web App hosted on Containers using 0.27.0-preview-0175
. could not load ssl libraries
This is built against mcr.microsoft.com/dotnet/aspnet:8.0
and mcr.microsoft.com/dotnet/sdk:8.0
The stack trace was the same.
LibGit2Sharp.LibGit2SharpException:
at LibGit2Sharp.Core.Ensure.HandleError (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Core/Ensure.cs:154)
at LibGit2Sharp.Core.Ensure.ZeroResult (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Core/Ensure.cs:172)
at LibGit2Sharp.Core.Proxy.git_clone (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Core/Proxy.cs:275)
at LibGit2Sharp.Repository.Clone (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Repository.cs:793)
The resolution was also the same - we just had to install the OpenSSL 1.1 libraries into the final
.NET container:
RUN apt-get update \
&& apt-get install -y wget \
&& wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb \
&& dpkg -i libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb \
&& rm -f libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb
@johnbailey-transactcampus You really shouldn't need to do that. It works just fine with OpenSSL 3. I have tests that run against OpenSSL 3 that prove that.
If you can provide me with a sample project that I use to reproduce it, I'll take another look, but all of my testing indicates this shouldn't be required.
Just from perusing the code, it looks like we might be hitting this old path - where openssl3.0 is not in libgit2? This is just an uneducated guess, though.
Sadly, the project where this repro'ed is proprietary and closed-source, so I can't give you an example to work with; however, it should be easy enough (in theory) to reproduce by creating a web app hosted on the default .NET containers and adding the LibGit2Sharp NuGet package (0.20.0-preview-0175) and calling clone - or, in the case of op, remote connect.
I can confirm openssl 3.0 comes standard on the .NET8 containers, so this would - generally - result in pointing back to that handle load block I referenced earlier in this comment as being the culprit.
docker run -it --rm --entrypoint=/bin/bash mcr.microsoft.com/dotnet/aspnet:8.0
root@a2579d7876bd:/# openssl version
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)
LibGit2Sharp NuGet package (0.20.0-preview-0175)
That version is old and out of date. You should definitely update to the latest version and then see if you still have the problem. It's quite likely that the libgit2 version contained in that preview version doesn't work with OpenSSL 3.
Using a project with
LibGit2Sharp
built withdotnet publish --configuration Release --runtime linux-x64 --no-self-contained
, resulting inlibgit2-e632535.so
, and running on .NET 6.0.415.By using
strace
with some trial-and-error, it seems that LibGit2Sharp requires OpenSSL 1.1, but Ubuntu 22.04 (and higher, I assume) only ship with OpenSSL 3.As a workaround, installing http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb fixes the issue and lets LibGit2Sharp run.
What needs to be done to make this work with OpenSSL 3?