Closed Lewiscowles1986 closed 2 years ago
mefellows
commented
2 years ago Right, so Ubuntu defaults to openssl 3.x.x. Should we consider not using openssl in that library @uglyog and instead use the rust tls stuff like we're using elsewhere?
What's the broader impact of dropping openssl?
rholshausen
commented
2 years ago The only issue was the certificate loading issue on Windows, but that is now resolved
Lewiscowles1986
commented
2 years ago I Guess my confusion here is. Why is Linux client requiring OpenSSL if windows is not?
I Just verified @rholshausen is correct; however my windows machine is a pet machine, not deployed with infrastructure as code. So It's very possible that some other dependency brings in OpenSSL.
I'll try to ask my wife who is not a coder to try this. Because if it's not an issue for Windows, I can't see why it should be an issue for Linux... Are the builds so different?
Update: https://github.com/pact-foundation/pact-stub-server/blob/master/Cargo.lock#L814-L830
rholshausen
commented
2 years ago On Windows and OSX there are OS specific APIs to provide TLS, on Linux it has to use openssl.
From: https://github.com/sfackler/rust-native-tls
Specifically, this crate uses SChannel on Windows (via the schannel crate), Secure Transport on macOS (via the security-framework crate), and OpenSSL (via the openssl crate) on all other platforms.
By default, openssl will be dynamically linked on Linux.
Lewiscowles1986
commented
2 years ago Just looking for how to statically link openssl then following https://github.com/sfackler/rust-native-tls/issues/190#issuecomment-723579236
Lewiscowles1986
commented
2 years ago OpenSSL as always... not fun to play with smol attempt.
I wonder if https://github.com/rustls/rustls might drop in with less fuss...
I'll try to make some time on this at some point, but it can't be a priority for me at the moment (sorry).
How likely is this library/utility to be maintained in the future? I noticed master mentions an unpublished release that didn't pass github actions on mac, and hasn't updated since Jan 2021... Is this repo deprecated?
One other approach that could work would be (maintenance burden), maintaining a generic docs warning for Linux users, with specific community contributed guides to setting up openssl and crypto shared objects of the correct version.
rholshausen
commented
2 years ago I have migrated the other Rust-based Pact utilities to use Rust TLS, so it won't be a big change. I just haven't had the time to get around to this one. But it is still supported.
rholshausen
commented
2 years ago The binary is now only linked to the standard Linux libs
❯ ldd target/debug/pact-stub-server
linux-vdso.so.1 (0x00007fff4bae8000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f899cd64000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f899cd41000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f899cbf2000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f899cbec000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f899c9fa000)
/lib64/ld-linux-x86-64.so.2 (0x00007f899ed2e000)Awesome, I'll take https://github.com/pact-foundation/pact-stub-server/releases/tag/v0.5.0 for a spin. Should definitely be more stable than shell scripts.
Just tried running this on Ubuntu 22.04
First it says
libssl.so.1.1is missing (the system default is libssl.so) Thenlibcrypto.so.1.1. Same behhavior...I'd installed something that put these into snap packages, so I copied from
/snap/core20/1434/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1to/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(same with libssl.so.1.1)Seems like this should either ship with those or link to something that can be statically compiled in.