search

mongodb / mongo-php-driver

The Official MongoDB PHP driver
https://pecl.php.net/package/mongodb
Apache License 2.0
881 stars 200 forks source link

Compile error with LibreSSL #507

Closed vv3d0x closed 6 years ago

vv3d0x commented 7 years ago

Could not compile on Alpine Linux v3.5 x86_64 with LibreSSL

cc -Isrc/libmongoc/src/mongoc/ -I/tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/ -DPHP_ATOM_INC -I/tmp/mongodb-1.2.2/include -I/tmp/mongodb-1.2.2/main -I/tmp/mongodb-1.2.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/tmp/mongodb-1.2.2/src/BSON/ -I/tmp/mongodb-1.2.2/src/MongoDB/ -I/tmp/mongodb-1.2.2/src/MongoDB/Exception/ -I/tmp/mongodb-1.2.2/src/contrib/ -I/tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/ -I/tmp/mongodb-1.2.2/src/libbson/src/ -I/tmp/mongodb-1.2.2/src/libbson/src/yajl/ -I/tmp/mongodb-1.2.2/src/libbson/src/bson/ -DBSON_COMPILATION -DMONGOC_COMPILATION -DMONGOC_TRACE -DHAVE_CONFIG_H -g -O2 -c /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c -fPIC -DPIC -o src/libmongoc/src/mongoc/.libs/mongoc-stream-tls-openssl.o /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c: In function 'mongoc_stream_tls_openssl_new': /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:646:7: warning: implicit declaration of function 'X509_VERIFY_PARAM_set_hostflags' [-Wimplicit-function-declaration] X509_VERIFY_PARAM_set_hostflags (param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ^~~~~~~ /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:646:47: error: 'X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS' undeclared (first use in this function) X509_VERIFY_PARAM_set_hostflags (param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ^~~~~~~~ /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:646:47: note: each undeclared identifier is reported only once for each function it appears in /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:649:10: warning: implicit declaration of function 'X509_VERIFY_PARAM_set1_ip_asc' [-Wimplicit-function-declaration] X509_VERIFY_PARAM_set1_ip_asc (param, host); ^~~~~~~~~ /tmp/mongodb-1.2.2/src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.c:651:10: warning: implicit declaration of function 'X509_VERIFY_PARAM_set1_host' [-Wimplicit-function-declaration] X509_VERIFY_PARAM_set1_host (param, host, 0); ^~~~~~~ make: *** [Makefile:568: src/libmongoc/src/mongoc/mongoc-stream-tls-openssl.lo] Error 1

jmikola commented 7 years ago

We currently only support OpenSSL with the bundled version of libmongoc. Supporting other TLS libraries with libmongoc has been on our radar, but I wasn't able to find an existing JIRA ticket for the task. I just created PHPC-888 to track this.

Until then, you should be able to build libmongoc on its own, which will pick up LibreSSL, and install it as a system library. From there, you can pass --with-libmongoc=yes --with-libbson=yes to configure when building the driver from source. Note: libbson must also be installed as a system library (per PHPC-873), but libmongoc's build process should take care of that for you.

im-kulikov commented 7 years ago

@jmikola Hello.

Now, only Mongodb-1.1.10 builds with Libressl.

OpenSSL is replaced with LibreSSL in Alpine Linux 3.5.

Mb is some way to compile latest version with libreSSL and pecl?

Thx for your work)

jmikola commented 7 years ago

This requires changes to config.m4 to detect additional TLS libraries supported by libmongoc. It will definitely be addressed in 1.3.0 by PHPC-888, although we may decide to backport it to 1.2.x if the fix is portable enough. I don't have an ETA for either case at the moment.

im-kulikov commented 7 years ago

@jmikola Thnx!

im-kulikov commented 7 years ago

@vv3d0x try Mongodb-1.1.10, it will be compiled with LibreSSL without errors

See - https://github.com/ulabs-org/docker-php7/blob/master/Dockerfile

sibidharan commented 6 years ago

@im-kulikov

See - https://github.com/ulabs-org/docker-php7/blob/master/Dockerfile

I cannot see the file is compiling mongodb over LiberSSL.

@jmikola Do you think compiling with LiberSSL (all PHP, httpd, and mongodb.so) could solve https://github.com/Homebrew/homebrew-core/issues/21475 ?

im-kulikov commented 6 years ago

@sibidharan already changed.. tired of waiting...

sibidharan commented 6 years ago

Can you assist me with the steps? @im-kulikov

im-kulikov commented 6 years ago

@sibidharan I replace self building with prebuilding.. from Alpine

https://github.com/ulabs-org/docker-php7/blob/8e61626fb29ff45a01aff444cc4c3438185cf2a2/Dockerfile#L88

im-kulikov commented 6 years ago

this one - http://pkgs.alpinelinux.org/packages?name=php7-mongodb*&branch=&repo=&arch=&maintainer=

Here APKBUILD - https://git.alpinelinux.org/cgit/aports/tree/testing/php7-mongodb/APKBUILD

jmikola commented 6 years ago

@sibidharan: I mentioned PHPC-888 a few times in #682. That will allow the driver to link against Secure Transport for TLS/crypto needs on macOS. In regards to this ticket, it would also allow LibreSSL to be utilized on Alpine Linux.

libmongoc has supported linking with libraries other than OpenSSL for some time, but we simply haven't had the development bandwidth to port the necessary changes to our autoconf configuration, which is why PHPC-888 has been kicked from release to release. The current workaround was to install libbson and libmongoc as system libraries on their own, rather than use the bundled versions in the PHP driver, and then build the PHP driver with --with-libmongoc=yes --with-libbson=yes configure options (described in https://github.com/mongodb/mongo-php-driver/issues/507#issuecomment-270401128).

Technically, adopting that approach in Homebrew could very well fix the problem today. I'm not sure if existing libbson and libmongoc packages exist for Homebrew, but if so, the PHP driver formula could be changed to install from source with those configure options instead of using PECL.

sibidharan commented 6 years ago

@jmikola - Thank you! It worked. httpd is not crashing anymore. I did these as I said in https://github.com/Homebrew/homebrew-core/issues/21475#issuecomment-350458394, which solved my issue 💯

libmongoc SSL library is Secure Transport now :D

jmikola commented 6 years ago

We've just tagged mongodb-1.4.0RC1, which includes PHPC-888 and should allow the driver to use LibreSSL. The following quote is from our soon-to-be-published release notes:

This release overhauls the way the extension configures SSL libraries and adds support for LibreSSL and macOS native SSL (Secure Transport). When building from source, configure now supports a --with-mongodb-ssl option. This defaults to auto, which will first attempt to use OpenSSL, followed by LibreSSL, and finally Secure Transport (for macOS only, of course). Additionally, you may specify openssl, libressl, or darwin to force a particular library, or specify no to disable SSL entirely.

Therefore, you can now build the driver with LibreSSL by providing --with-mongodb-ssl=libressl as an argument to configure when compiling from source. If you are installing the PECL package, the option defaults to auto and should also pick up LibreSSL from pkg-config if OpenSSL is not found.

The relevant PR (https://github.com/mongodb/mongo-php-driver/pull/736) was tested with Alpine Linux and LibreSSL specifically (both auto and libressl behaviors).