Build of robo-shell v4.2 fails with openssl-1.1.1f on Ubuntu

[simsekgokhan]

Problem

Due to failing mongo-shell (robo-shell) build with OpenSSL 1.1.1f on Linux, we are unable to upgrade Robo 1.4 libssh2 version from 1.7.0 to 1.9.0 thus cannot support ECDSA and Ed25519 keys on Linux. Windows and macOS do not have this problem.

Next Actions:

• Investigate following usage:

\robo-shell\src\mongo\util\version.cpp:
...
#if !defined(MONGO_CONFIG_SSL) || MONGO_CONFIG_SSL_PROVIDER != MONGO_CONFIG_SSL_PROVIDER_OPENSSL
    return "";
#elif MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
    return prefix.toString() + SSLeay_version(SSLEAY_VERSION) + suffix;
#endif
...

Details:

<1> libssh2 requires OpenSSL 1.1.1 or later
libssh2/libssh2@0309229

<2> robo-shell (mongo shell) expects older versions of OpenSSL on Linux and build fails with OpenSSL 1.1.1f

/// --- Ubuntu 16.04 build robo-shell with openssl 1.1.1f

// build output
Checking for SSLeay_version(0) in C library crypto... no
Couldn't find OpenSSL crypto.h header and library

// build log (config.log)
file /opt/robo-shell/SConstruct,line 2991:
	Configure(confdir = build/scons/opt/sconf_temp)
scons: Configure: Checking for SSLeay_version(0) in C library crypto... 
scons: Configure: "build/scons/opt/sconf_temp/conftest_59.c" is up to date.
scons: Configure: The original builder output was:
  |build/scons/opt/sconf_temp/conftest_59.c <-
  |  |
  |  |
  |  |#include "openssl/crypto.h"
  |  |
  |  |int
  |  |main() {
  |  |  SSLeay_version(0);
  |  |return 0;
  |  |}
  |  |
  |
Compiling build/scons/opt/sconf_temp/conftest_59.o
build/scons/opt/sconf_temp/conftest_59.c: In function 'main':
build/scons/opt/sconf_temp/conftest_59.c:7:3: error: implicit declaration of function 'SSLeay_version'; did you mean 'OpenSSL_version'? [-Werror=implicit-function-declaration]
   SSLeay_version(0);
   ^~~~~~~~~~~~~~
   OpenSSL_version
cc1: all warnings being treated as errors
scons: Configure: no

<3> Building OpenSSL with DOPENSSL_API_COMPAT flag does not solve the problem

///-DOPENSSL_API_COMPAT=0x10100000L
https://www.openssl.org/docs/manmaster/man7/OPENSSL_API_COMPAT.html

// openssl-1.1.1f
include\openssl\ssl.h
# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSL_library_init() OPENSSL_init_ssl(0, NULL)
# endif

include\openssl\crypto.h
# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSLeay                  OpenSSL_version_num
#  define SSLeay_version          OpenSSL_version
#  define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
#  define SSLEAY_VERSION          OPENSSL_VERSION
#  define SSLEAY_CFLAGS           OPENSSL_CFLAGS
#  define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
#  define SSLEAY_PLATFORM         OPENSSL_PLATFORM
#  define SSLEAY_DIR              OPENSSL_DIR

///
openssl-1.1.1f: nm -gD libssl.so | grep SSL_library_init  
  // not found, since SSL_library_init() is deprecated in 1.1.1
   
openssl-1.0.2o: nm -gD libssl.so | grep SSL_library_init
0000000000055520 T SSL_library_init

<4>
https://docs.mongodb.com/manual/tutorial/configure-ssl/

Starting in version 4.0, MongoDB uses the native TLS/SSL OS libraries:
Windows	  : Secure Channel (Schannel)
Linux/BSD: OpenSSL
macOS	  : Secure Transport

[wcasanova]

This problem is not in all linux distributions, specifically it is in Ubuntu and Debian, and more if they use non-current LTS. most of all, the libssh2 1.9 package
is available in Fedora 32, archlinux, openSUSE Tumbleweed, among others

[simsekgokhan]

Hi @wcasanova , thx for your input. It is not a package problem. We have libssh2 code in our repo: https://github.com/Studio3T/robomongo/tree/master/src/third-party. This is more of a build problem "failing mongo-shell (robo-shell) build with OpenSSL 1.1.1f on Linux".