New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Erlang doesn't build correctly for certain versions of OpenSSL 1.1.x #226

Open
fenollp opened this Issue Aug 28, 2017 · 5 comments

Comments

Projects
None yet
3 participants
@fenollp
Copy link
Contributor

fenollp commented Aug 28, 2017

debian: netinstall cd image 9.1.0
openssl: 1.1.0f-3 amd64
erlang: 18.2 compiled & installed with latest Kerl

The error: crypto app is not found.
Do we need to install openssl-dev or some other thing?

Tell me if you need more info.

@fenollp fenollp changed the title kerl builds without openssl support kerl builds without openssl support on debian netinstall Aug 28, 2017

@mrallen1

This comment has been minimized.

Copy link
Collaborator

mrallen1 commented Aug 28, 2017

Yes. I believe the library is called libssl-dev. Would you try the code on PR #222? Curious how it works out for you.

@fenollp

This comment has been minimized.

Copy link
Contributor Author

fenollp commented Aug 28, 2017

@claytonfinney plz try this ^

@mpmiszczyk

This comment has been minimized.

Copy link
Contributor

mpmiszczyk commented Sep 7, 2017

I believe you need to downgrade your openssl, preferably to 1.0._

I had similar problem on Arch and after a lot of googling I've managed to pinpoint the problem. As mentioned [here][http://erlang.org/pipermail/erlang-questions/2016-September/090152.html]

Recently, new major OpenSSL version 1.1 has been released, with many
API incompatibilities, and I guess sooner or later one should port
Erlang crypto module to it. My first attempt of the porting can be
found at https://github.com/sgolovan/otp/tree/openssl11

and [here][http://erlang.2086793.n4.nabble.com/building-OTP-with-OpenSSL-1-1-0-td4718126.html]

  1. OTP's lib/crypto/c_src/crypto.c wants "openssl/chacha.h" and "openssl/poly1305.h". which do not exist in OpenSSL 1.1.0 source. There are chacha.h and poly1305.h in crypto/include/internal, but they don't seem to be what OTP's crypto.c wants, as they don't contain required functions (like CRYPTO_chacha_20, for example)...1.0.2h, the last of OpenSSL's 1.0.x versions, simply does not have support for Chacha20/Poly1305, hence OTP compiles ok.

This issue was [solved][The crypto application now supports OpenSSL 1.1.] in Erlang itself and 20.+ will compile without any problems. But all distributions (and I would guess any operating systems) with OpenSSL 1.1+ will cause issues while building older Erlangs (even 19.3). If you look closely into logs you will find that make is able to find OpenSSL but to to use it

checking for OpenSSL >= 0.9.7 in standard locations... found; but not usable
configure: WARNING: No (usable) OpenSSL found, skipping ssl, ssh and crypto applications

Arch Linux provides openssl-1.0 package which should solve this incompatibility, and I would guess other distributions will do something similar. But still it does not sit well with Erlang's --with-ssl option, but following [those instructions][https://github.com/asdf-vm/asdf/issues/195#issuecomment-301354356] will fix the problem (I've just found --with-ssl-include option which might work out of the box, but I wasn't able to verify it).

In conclusion, with more and more distributions (and other operating systems) moving to OpenSLL 1.1 this might become more common problem, and this incompatibility might be worth mentioning in Kerl's readme.

@mrallen1

This comment has been minimized.

Copy link
Collaborator

mrallen1 commented Sep 7, 2017

Thanks for the information!

@mrallen1 mrallen1 changed the title kerl builds without openssl support on debian netinstall Erlang doesn't build correctly for certain versions of OpenSSL 1.1.x Jan 23, 2018

@mrallen1

This comment has been minimized.

Copy link
Collaborator

mrallen1 commented Apr 6, 2018

Looks like this issue is happening on newer Fedora builds as well - there's a compat RPM as noted on this thread for asdf compat-openssl10-devel

The Arch Linux stuff specifically is here: https://github.com/asdf-vm/asdf-erlang/wiki/OpenSSL-on-ArchLinux

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment