Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

My Razor server fails to start with openssl3 #67375

Closed
adamijak opened this issue Mar 31, 2022 · 11 comments
Closed

My Razor server fails to start with openssl3 #67375

adamijak opened this issue Mar 31, 2022 · 11 comments
Labels
area-System.Security tracking-external-issue The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly
Milestone
Future

Comments

@adamijak
Copy link

adamijak commented Mar 31, 2022
edited

Description

My Razor server fails to start with error message Cannot get required symbol EVP_MD_size from libssl

Reproduction Steps

Start vscode with c# extension installed and open cshtml file

Expected behavior

Should start Razor server

Actual behavior

Fails to start Razor server

Regression?

It worked in Fedora 35 which used openssl1.1 I think. However I do have a openssl1.1 installed.

Known Workarounds

CLR_OPENSSL_VERSION_OVERRIDE=1.1 code

Configuration

Fedora 36

> dotnet --list-sdks
3.1.417 [/usr/lib64/dotnet/sdk]
6.0.103 [/usr/lib64/dotnet/sdk]

> openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Razor.VSCode version 6.0.0-preview.5.21358.6

Other information

No response
@dotnet-issue-labeler
Copy link

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Mar 31, 2022
@ghost
Copy link

ghost commented Mar 31, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

My Razor server fails to start with error message Cannot get required symbol EVP_MD_size from libssl

Reproduction Steps

Start vscode with c# extension installed and open cshtml file

Expected behavior

Should start Razor server

Actual behavior

Fails to start Razor server

Regression?

It worked in Fedora 35 which used openssl1.1 I think. However I do have a openssl1.1 installed.

Known Workarounds

Do not know any

Configuration

Fedora 36

> dotnet --list-sdks
3.1.417 [/usr/lib64/dotnet/sdk]
6.0.103 [/usr/lib64/dotnet/sdk]

> openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Other information

No response

Author: adamijak
Assignees: -
Labels:

area-System.Security, untriaged
Milestone: -

@vcsjones
Copy link
Member

Hm, yeah, EVP_MD_size was renamed to EVP_MD_get_size in OpenSSL 3, which .NET 6 should account for. I'll see if I can reproduce it as soon as I get my Rawhide VM working again.

@vcsjones
Copy link
Member

@adamijak what version of RZLS do you have?

If you go to View, Output, and change the drop down to "Razor Log", you should see a log message similar to this:

--------------------------------------------------------------------------------
Razor.VSCode version 6.0.0-preview.5.21358.6
--------------------------------------------------------------------------------

It looks like rzls is a self-contained .NET 6 app, but built on a preview of .NET 6, which may not have had all of the incorporated OpenSSL 3 fixes yet.

@bartonjs do you recall which preview OpenSSL 3 was added in .NET 6?

@adamijak
Copy link
Author

@adamijak what version of RZLS do you have?

If you go to View, Output, and change the drop down to "Razor Log", you should see a log message similar to this:


--------------------------------------------------------------------------------

Razor.VSCode version 6.0.0-preview.5.21358.6

--------------------------------------------------------------------------------

It looks like rzls is a self-contained .NET 6 app, but built on a preview of .NET 6, which may not have had all of the incorporated OpenSSL 3 fixes yet.

@bartonjs do you recall which preview OpenSSL 3 was added in .NET 6?

Yes I can see message saying it uses dotnet6 preview

@bartonjs
Copy link
Member

EVP_MD_size got renamed to EVP_MD_get_size after OSSL3b1. So if you're using a .NET 6 preview build, it sounds like you're using one older than Preview 7 (which contains the fix #55542).

Assuming the Razor preview versions align with the shared framework preview versions, you need p7 or higher.

Or, you can force OpenSSL 1.1 by setting the environment variable CLR_OPENSSL_VERSION_OVERRIDE to the value 1.1:

export CLR_OPENSSL_VERSION_OVERRIDE=1.1
dotnet command goes here

@vcsjones
Copy link
Member

Based on the output of

strings ~/.vscode/extensions/ms-dotnettools.csharp-1.24.1-darwin-x64/.razor/libSystem.Security.Cryptography.Native.OpenSsl.dylib

It looks like Razor Language Server had runtime with commit @(#)Version 6.0.21.35102 @Commit: cf2938f.

@bartonjs's fix landed in b72548e. Based on dates, Jeremy's fix landed after the commit that Razor Language Server is built with.

@vcsjones
Copy link
Member

vcsjones commented Mar 31, 2022
edited

To summarize:

  1. Razor Language Server is self contained and built with a preview that has incomplete OpenSSL 3 support.
  2. Can you try running export CLR_OPENSSL_VERSION_OVERRIDE=1.1 code from the Terminal to see if the RZLS picks up it should be forced to use OpenSSL 1.1?
  3. I'm trying to figure out where to file an issue for RZLS. The problem should eventually go away whenever RZLS is built on a later version.

@vcsjones vcsjones mentioned this issue Mar 31, 2022
Closed
@vcsjones
Copy link
Member

Opened dotnet/razor#6241

@adamijak
Copy link
Author

adamijak commented Mar 31, 2022
edited

I can confirm I use p5 according to Razor output (you can se edited configuration section). Also setting CLR_OPENSSL_VERSION_OVERRIDE=1.1 code fixed the issue. Server starts, intellisense is working. Thank you for your time @bartonjs and @vcsjones

@adamijak adamijak mentioned this issue Mar 31, 2022
Open
12 tasks
@bartonjs bartonjs added tracking-external-issue The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly and removed untriaged New issue has not been triaged by the area owner labels Mar 31, 2022
@bartonjs bartonjs added this to the Future milestone Mar 31, 2022
@bartonjs
Copy link
Member

The portion we can control was already fixed. Since there's a workaround and we've opened an issue against the component that just needs to upgrade (thanks @vcsjones) there's not really anything left to do here, so I'm going to go ahead and close the issue.

@ghost ghost locked as resolved and limited conversation to collaborators May 1, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Security tracking-external-issue The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly
Projects
None yet
Milestone
Future
Development

No branches or pull requests
4 participants
@vcsjones @bartonjs @teo-tsirpanis @adamijak