-
Notifications
You must be signed in to change notification settings - Fork 719
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dynamically load libssl in JITServer #8145
Conversation
d962f2d
to
fa8a0ef
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall it looks ok to me. In rossa.cpp when calling loadLibsslAndFindSymbols
you must inspect the return code and fail the JVM.
Also, is it possible to load the SSL libs only if the client/server want to use encryption?
aae0fe3
to
7caee01
Compare
7caee01 has replaced all the symbols. So far tested the following configuration with OpenSSL connection established between the server and the client.
|
7caee01
to
db29620
Compare
@mpirvu All comments addressed. Ready for another review. Thanks!
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Indentation needs to be fixed in one of the files.
Could you please make sure that SSL operations work as expected? For that you need something like an AcmeAir run, or maybe "java -version" exercises enough/all of the functionality
Jenkins test sanity xlinuxjit jdk8 |
Dynamically load the OpenSSL libssl symbols required by JITServer. Replaced all the libssl APIs with function calls to the loaded symbols during the runtime. Related to eclipse-openj9#8138 Signed-off-by: Annabelle Huo <Annabelle.Huo@ibm.com>
db29620
to
cb2f9a7
Compare
@mpirvu All comments addressed. Ready for another review. Thanks. All the above three cases are tested with SSL connection established between the client and the server by running Here are more detailed logs from building with 1.0.2 and running with 1.1.1.
|
Jenkins test sanity xlinuxjit jdk8 |
Jenkins test sanity xlinuxjit jdk11 |
Jenkins test sanity plinuxjit jdk8,jdk11 |
PPC linux build and test failed. Looks like related to protobuf. Doesn’t seem related to this change since the failure exists before OpenSSL is fully enabled in JITServer: https://ci.eclipse.org/openj9/job/Build_JDK8_ppc64le_linux_jit_Personal/2/console
Java 8 test failed for both xlinux and ppc linux. Similar to #8153 (comment)
|
Many Java11 tests fail with:
which demangled is
An internet search that sometimes people encounter |
To recap: Based on the above I think this PR is good to be merged. It will solve a major problem in testing with JITServer. |
With the change in eclipse-openj9/openj9#8145, OpenSSL symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed OpenSSL version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: a7ehuo <Annabelle.Huo@ibm.com>
With the change in eclipse-openj9/openj9#8145, `OpenSSL` symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed `OpenSSL` version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: Annabelle Huo <Annabelle.Huo@ibm.com>
With the change in eclipse-openj9/openj9#8145, `OpenSSL` symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed `OpenSSL` version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: Annabelle Huo <Annabelle.Huo@ibm.com>
With the change in eclipse-openj9/openj9#8145, `OpenSSL` symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed `OpenSSL` version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: Annabelle Huo <Annabelle.Huo@ibm.com>
With the change in eclipse-openj9/openj9#8145, `OpenSSL` symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed `OpenSSL` version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: Annabelle Huo <Annabelle.Huo@ibm.com>
With the change in eclipse-openj9/openj9#8145, `OpenSSL` symbols are dynamically loaded at the runtime. During the build time, there is no longer a dependency on the installed `OpenSSL` version on the build machines. Removed the code that checks `SSL_CTX_set_ecdh_auto` during config. Signed-off-by: Annabelle Huo <Annabelle.Huo@ibm.com>
This is the same failure I was seeing when doing the installations on our internal machines. Here are the steps I used for the internal P machines:
However, this issue looks identical to a problem I saw on s390 machines. Here are the s390 instructions for installing protobuf on the machines that saw this problem:
I think something similar can be done for Power as well. @jdekonin Do you recall if this second process was used (particularly the |
@dchopra001 I don't recall but the history on the machines tells the story. I can see the remove step was not performed on all of the plinux machines, but only the 6 from UNB actually had that dev package installed. I redid the protobuf install on all the plinux machines. Please retry. |
Dynamically load
libssl
in JITServer usingdlopen
and load the OpenSSL libssl symbols required by JITServer. Replaced all the libssl APIs with function calls to the loaded symbols during the runtime.Signed-off-by: Annabelle Huo Annabelle.Huo@ibm.com