[ 63%] Built target qa_auth_interface Scanning dependencies of target qa_auth_server [ 64%] Building C object plugin/auth/CMakeFiles/qa_auth_server.dir/qa_auth_server.c.o Linking C shared module qa_auth_server.so [ 64%] Built target qa_auth_server Scanning dependencies of target vio [ 64%] Building C object vio/CMakeFiles/vio.dir/vio.c.o [ 64%] Building C object vio/CMakeFiles/vio.dir/viosocket.c.o [ 64%] Building C object vio/CMakeFiles/vio.dir/viossl.c.o /home/centos/mysql-5.5.34/vio/viossl.c: In function ‘ssl_do’: /home/centos/mysql-5.5.34/vio/viossl.c:175: error: ‘SSL_OP_NO_COMPRESSION’ undeclared (first use in this function) /home/centos/mysql-5.5.34/vio/viossl.c:175: error: (Each undeclared identifier is reported only once /home/centos/mysql-5.5.34/vio/viossl.c:175: error: for each function it appears in.) make: *** [vio/CMakeFiles/vio.dir/viossl.c.o] Error 1 make: *** [vio/CMakeFiles/vio.dir/all] Error 2 make: *** [all] Error 2
[18 Apr 15:06] Remi Collet
Can't build with openssl 0.9.8e from RHEL / CentOS / Oracle Linux 5
How to repeat:
cmake -DWITH_SSL=system ...
/builddir/build/BUILD/mysql-5.5.31/vio/viossl.c:175: error: 'SSL_OP_NO_COMPRESSION' undeclared (first use in this function)
See trivial attached patch[18 Apr 15:07] Remi Collet
mysql-openssl.patchAttachment: mysql-openssl.patch (text/x-patch), 405 bytes.
PS：patch -p1 < mysql-openssl.patch
[26 Apr 10:49] Umesh Umesh
http://bugs.mysql.com/bug.php?id=69080 marked as duplicate of this one.
[24 May 10:58] Umesh Umesh
Thank you for the report.
Verified as described.
// How to repeat
[root@cluster1 mysqlcom-5.5.31]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
[root@cluster1 mysqlcom-5.5.31]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.8 (Tikanga)
[root@cluster1 mysqlcom-5.5.31]# uname -a
Linux cluster1 2.6.32-100.26.2.el5 #1 SMP Tue Jan 18 20:11:49 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@cluster1 mysqlcom-5.5.31]# cmake -DCMAKE_INSTALL_PREFIX=/root/server/mysqlcom-5.5.31 -DWITH_SSL=system
[root@cluster1 mysqlcom-5.5.31]# make
Scanning dependencies of target vio
[ 63%] Building C object vio/CMakeFiles/vio.dir/vio.c.o
[ 63%] Building C object vio/CMakeFiles/vio.dir/viosocket.c.o
[ 63%] Building C object vio/CMakeFiles/vio.dir/viossl.c.o
/root/setup/mysqlcom-5.5.31/vio/viossl.c: In function âssl_doâ:
/root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: âSSL_OP_NO_COMPRESSIONâ undeclared (first use in this function)
/root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: (Each undeclared identifier is reported only once
/root/setup/mysqlcom-5.5.31/vio/viossl.c:175: error: for each function it appears in.)
make: *** [vio/CMakeFiles/vio.dir/viossl.c.o] Error 1
make: *** [vio/CMakeFiles/vio.dir/all] Error 2
make: *** [all] Error 2[24 May 11:50] Erlend Dahl
Bug #69080 mysql-5.5.31 not compatible with openssl-1.0.0 and lower
was marked as a duplicate.[8 Jun 0:07] Noel Butler
5.5.32 also suffers same fate, i'm amazed oracle had ignored this and the simple included patch that fixes this.
[13 Jun 10:40] Georgi Kodinov
This openssl version is rather old. openssl recommends that you should consider upgrading to a later one.
Is there any obstacle with you upgrading to a recent version ?
Alternatively you can just download the binaries from http://dev.mysql.com/downloads.
[13 Jun 10:44] Remi Collet
> Is there any obstacle with you upgrading to a recent version ?
Enterprise Linux distribution provides backport for security fix.
I don't think upgrade to a more recent version is even thinkable on RHEL, Oracle Linux or other clones.
[13 Jun 10:57] Georgi Kodinov
It's a bit unfortunate that there's no compile time way to check for the presence of that fix.
Thanks for the explanations. It's a valid bug and needs to be fixed.
[28 Jun 14:39] Georgi Kodinov
I would really love if you can provide a way for us to recognize at compile time that this particular openssl version has been patched to include the fix (so I can safely #ifdef the fix that we did on our side).
Any chance that you would consider adding a define specific to your backport of the fix in this version that we can use ?
E.g. adding something like this :
#define OPENSSL_RHEL_COMPRESSION_FIX 1
to openssl.h would work great.
[29 Jun 14:04] Remi Collet
@Georgi Kodinov sorry, I really don't understand the need.
Feel free to open a request for change on RHEL, but...
Why do you think you need this and don't simply #ifdef SSL_OP_NO_COMPRESSION
[29 Jun 15:33] Hartmut Holzgraefe
I don't understand why this can't be fixed by a simple #ifdef (as in the originally attached patch) either ...
[1 Jul 11:51] Georgi Kodinov
IMHO we need to be able to distinguish between an un-patched openssl 0.9.8e (that doesn't contain the fixes that you've backported to it) and your patched variant of the same library.
Otherwise there will not be enough information to determine whether to do the fix for this ssl bug in the mysql code or not.[29 Aug 14:21] Georgi Kodinov
Moving to "need feedback" based on the above question
[30 Sep 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".