Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Qt missing OpenSSL 3.x support on Linux distributions #1

Closed
jvsguerra opened this issue Feb 28, 2023 · 1 comment
Closed

Qt missing OpenSSL 3.x support on Linux distributions #1

jvsguerra opened this issue Feb 28, 2023 · 1 comment
Assignees
@jvsguerra
Labels
good first issue Good for newcomers

Comments

@jvsguerra
Copy link
Member

Summary

Error submitting a job to the PyMOL KVFinder-web Tools KVFinder-web service.

Setup

  • OS: Pop!_OS 22.04 LTS
  • PyMOL Version: v2.5.0
  • Python Version: 3.10.6

Steps to reproduce

  1. Load a structure in pymol
  2. Submit a job to KVFinder-web service

What is the current bug behavior?

When submitting a job to our public KVFinder-web service (http://kvfinder-web.cnpem.br/api) from PyMOL KVFinder-web Tools, the network reply fails and comes back empty.

Relevant logs and/or screenshots

Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)
The backend "cert-only" does not support QSslKey
Active TLS backend does not support key creation
The backend "cert-only" does not support QSslKey
Active TLS backend does not support key creation
The backend "cert-only" does not support QSslKey
Active TLS backend does not support key creation
The backend "cert-only" does not support QSslKey
Active TLS backend does not support key creation
The backend "cert-only" does not support QSslKey
Active TLS backend does not support key creation
The backend "cert-only" does not support QSslKey
Active TLS backend does not support key creation
The backend "cert-only" does not support QSslSocket
The backend named "cert-only" does not support TLS
QSslSocket::connectToHostEncrypted: TLS initialization failed
QSslSocket::connectToHostEncrypted: TLS initialization failed
@jvsguerra jvsguerra added the good first issue Good for newcomers label Feb 28, 2023
@jvsguerra jvsguerra self-assigned this Feb 28, 2023
@jvsguerra
Copy link
Member Author

A workaround to this issue on Linux distributions (e.g., Ubuntu 22.04 LTS and Pop!_OS 22.04 LTS) is to build OpenSSL 1.1.1 from source and configure your system to use the newly installed OpenSSL.

To do so, follow these steps:

  1. Update all packages
sudo apt update
  1. Install build dependencies
sudo apt install build-essential checkinstall zlib1g-dev -y
  1. Grab OpenSSL source code
cd /usr/local/src/
sudo wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz
  1. Extract the .tar.gz file
sudo tar -xf openssl-1.1.1m.tar.gz
cd openssl-1.1.1m
  1. Build OpenSSL from source
sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
sudo make
sudo make test
sudo make install
  1. Configure OpenSSL shared libraries

The newly installed OpenSSL binary will load library files from the /usr/local/ssl/lib directory. Go to the /etc/ld.so.conf.d directory and create new configuration file openssl-1.1.1m.conf by running:

sudo nano /etc/ld.so.conf.d/openssl-1.1.1m.conf

The openssl-1.1.1m.conf should contain the path to OpenSSL library, which should be only one line:

/usr/local/ssl/lib

After saving the file, run the following command to reload the dynamic link with full debug output:

sudo ldconfig -v
  1. Configure updated OpenSSL

First, we need to backup the binary files:

sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup
sudo mv /usr/bin/openssl /usr/bin/openssl.backup

Next, we have to configure system environment so that it recognizes the newly installed OpenSSL located at /usr/local/ssl/bin/openssl, instead of the default one at /usr/bin/openssl.

We need to edit /etc/environment file to include /usr/local/ssl/bin into our PATH environment variable system-wide.

sudo nano /etc/environment

Put :/usr/local/ssl/bin into the end of the line. Notice that we separate entries with a colon and wrap everything in a double-quote.

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"

Next, reload the OpenSSL environment and check the PATH to see if the modification takes effect or not using the commands below:

source /etc/environment
echo $PATH
  1. Verify you OpenSSL installation
openssl version -a
OpenSSL 1.1.1m  14 Dec 2021
built on: Tue Feb 28 13:54:34 2023 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(8x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific

Reference: https://linuxpip.org/install-openssl-linux/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jvsguerra jvsguerra

Labels
good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jvsguerra