fix(NODE-6253): use runtime linking against system kerberos libraries by default

[nbbeeken]

Description

What is changing?

Set kerberos_use_rtld to true by default

Is there new documentation needed for these changes?

No

What is the motivation for this change?

See highlight

Release Highlight

Fix segfault when running kerberos on systems with 1.x OpenSSL versions and Node.js 18+

Kerberos depends on OpenSSL and Node.js always bundles a copy of OpenSSL. Unfortunately an incompatiblity arises when Node's SSL version is not compatible with the version that the system kerberos library was built with.

Kerberos will now load the system library by default with runtime dynamic linking. This enables us to specify that kerberos use the SSL version it was built against (RTLD_DEEPBIND) so it does not adopt the symbols available in Node.js' address space.

Starting in Node 18+ these Node's SSL symbols are from OpenSSL 3+, whereas on RHEL 8 the system SSL library is 1.1.1k.

Double check the following

• Ran npm run check:lint script
• Self-review completed using the steps outlined here
• PR title follows the correct format: type(NODE-xxxx)[!]: description
  • Example: feat(NODE-1234)!: rewriting everything in coffeescript
• Changes are covered by tests
• New TODOs have a related JIRA ticket

[addaleax]

kerberos/.evergreen/config.yml

Line 127 in ec3ab7a

GYP_DEFINES: kerberos_use_rtld=true

should probably be inverted so that we keep testing both variants?