Closed vv3d0x closed 6 years ago
We currently only support OpenSSL with the bundled version of libmongoc. Supporting other TLS libraries with libmongoc has been on our radar, but I wasn't able to find an existing JIRA ticket for the task. I just created PHPC-888 to track this.
Until then, you should be able to build libmongoc on its own, which will pick up LibreSSL, and install it as a system library. From there, you can pass --with-libmongoc=yes --with-libbson=yes
to configure
when building the driver from source. Note: libbson must also be installed as a system library (per PHPC-873), but libmongoc's build process should take care of that for you.
@jmikola Hello.
Now, only Mongodb-1.1.10 builds with Libressl.
OpenSSL is replaced with LibreSSL in Alpine Linux 3.5.
Mb is some way to compile latest version with libreSSL and pecl?
Thx for your work)
This requires changes to config.m4
to detect additional TLS libraries supported by libmongoc. It will definitely be addressed in 1.3.0 by PHPC-888, although we may decide to backport it to 1.2.x if the fix is portable enough. I don't have an ETA for either case at the moment.
@jmikola Thnx!
@vv3d0x try Mongodb-1.1.10, it will be compiled with LibreSSL without errors
See - https://github.com/ulabs-org/docker-php7/blob/master/Dockerfile
@im-kulikov
See - https://github.com/ulabs-org/docker-php7/blob/master/Dockerfile
I cannot see the file is compiling mongodb over LiberSSL.
@jmikola Do you think compiling with LiberSSL (all PHP, httpd, and mongodb.so) could solve https://github.com/Homebrew/homebrew-core/issues/21475 ?
@sibidharan already changed.. tired of waiting...
Can you assist me with the steps? @im-kulikov
@sibidharan I replace self building with prebuilding.. from Alpine
@sibidharan: I mentioned PHPC-888 a few times in #682. That will allow the driver to link against Secure Transport for TLS/crypto needs on macOS. In regards to this ticket, it would also allow LibreSSL to be utilized on Alpine Linux.
libmongoc has supported linking with libraries other than OpenSSL for some time, but we simply haven't had the development bandwidth to port the necessary changes to our autoconf configuration, which is why PHPC-888 has been kicked from release to release. The current workaround was to install libbson and libmongoc as system libraries on their own, rather than use the bundled versions in the PHP driver, and then build the PHP driver with --with-libmongoc=yes --with-libbson=yes
configure options (described in https://github.com/mongodb/mongo-php-driver/issues/507#issuecomment-270401128).
Technically, adopting that approach in Homebrew could very well fix the problem today. I'm not sure if existing libbson and libmongoc packages exist for Homebrew, but if so, the PHP driver formula could be changed to install from source with those configure options instead of using PECL.
@jmikola - Thank you! It worked. httpd is not crashing anymore. I did these as I said in https://github.com/Homebrew/homebrew-core/issues/21475#issuecomment-350458394, which solved my issue 💯
libmongoc SSL library is Secure Transport now :D
We've just tagged mongodb-1.4.0RC1, which includes PHPC-888 and should allow the driver to use LibreSSL. The following quote is from our soon-to-be-published release notes:
This release overhauls the way the extension configures SSL libraries and adds support for LibreSSL and macOS native SSL (Secure Transport). When building from source,
configure
now supports a--with-mongodb-ssl
option. This defaults toauto
, which will first attempt to use OpenSSL, followed by LibreSSL, and finally Secure Transport (for macOS only, of course). Additionally, you may specifyopenssl
,libressl
, ordarwin
to force a particular library, or specifyno
to disable SSL entirely.
Therefore, you can now build the driver with LibreSSL by providing --with-mongodb-ssl=libressl
as an argument to configure
when compiling from source. If you are installing the PECL package, the option defaults to auto
and should also pick up LibreSSL from pkg-config
if OpenSSL is not found.
The relevant PR (https://github.com/mongodb/mongo-php-driver/pull/736) was tested with Alpine Linux and LibreSSL specifically (both auto
and libressl
behaviors).
Could not compile on Alpine Linux v3.5 x86_64 with LibreSSL
cc -Isrc/libmongoc/src/mongoc/ -I/tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/ -DPHP_ATOM_INC -I/tmp/mongodb-1.2.2/include -I/tmp/mongodb-1.2.2/main -I/tmp/mongodb-1.2.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/tmp/mongodb-1.2.2/src/BSON/ -I/tmp/mongodb-1.2.2/src/MongoDB/ -I/tmp/mongodb-1.2.2/src/MongoDB/Exception/ -I/tmp/mongodb-1.2.2/src/contrib/ -I/tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/ -I/tmp/mongodb-1.2.2/src/libbson/src/ -I/tmp/mongodb-1.2.2/src/libbson/src/yajl/ -I/tmp/mongodb-1.2.2/src/libbson/src/bson/ -DBSON_COMPILATION -DMONGOC_COMPILATION -DMONGOC_TRACE -DHAVE_CONFIG_H -g -O2 -c /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c -fPIC -DPIC -o src/libmongoc/src/mongoc/.libs/mongoc-stream-tls-openssl.o /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c: In function 'mongoc_stream_tls_openssl_new': /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:646:7: warning: implicit declaration of function 'X509_VERIFY_PARAM_set_hostflags' [-Wimplicit-function-declaration] X509_VERIFY_PARAM_set_hostflags (param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ^
~~~~~~/tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:646:47: error: 'X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS' undeclared (first use in this function) X509_VERIFY_PARAM_set_hostflags (param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ^~~~~~~~/tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:646:47: note: each undeclared identifier is reported only once for each function it appears in /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:649:10: warning: implicit declaration of function 'X509_VERIFY_PARAM_set1_ip_asc' [-Wimplicit-function-declaration] X509_VERIFY_PARAM_set1_ip_asc (param, host); ^~~~~~~~~ /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:651:10: warning: implicit declaration of function 'X509_VERIFY_PARAM_set1_host' [-Wimplicit-function-declaration] X509_VERIFY_PARAM_set1_host (param, host, 0); ^~~~~~~ make: *** [Makefile:568: src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.lo] Error 1