Gen 8.6 Linux app build undefined symbol 'SSL_CTX_set_srp_username'

Article ID: 137185

Products

Gen

Issue/Introduction

Building a Gen Linux load module that contains a CALL EXTERNAL statement fails at link time with the undefined symbols 'SSL_CTX_set_srp_username' and 'SSL_CTX_set_srp_password' because of differing versions of the SSL library.

The Red Hat OpenSSL shared library is used for the link.
The RHEL 7.5 version of OpenSSL was built with the SRP option disabled, but Gen's libabrt.so shared library was built on a system with that option enabled. The result is those 2 undefined symbols.

Gen library libabrt.so:
$ readelf -a $IEFH/lib/libabrt.so | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'
184: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
287: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password
34031: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
37773: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password

Environment

OS: RHEL 7.5, 7.6

Release : 8.6
Gen Build Tool
Gen Implementation Toolset

Cause

The user is not using the Build Tool to build the application and is instead using manual steps that do not reference the ssl and crypto libraries provided as part of the Gen 8.6 IT (first provided in IR1 PTF rtx86100 for consuming secure web services but also updated in RTX86200), e.g.:

$ cd $IEFH/lib

$ ls -al *ssl* *crypto*

lrwxrwxrwx. 1 gen86 gen86      47 Jul 26 01:47 libcrypto.so -> /opt/CA/CAGen/runtime/lib/libcrypto.so.1.0.0
-r--r--r--. 1 gen86 gen86 2584702 Sep 17 22:51 libcrypto.so.1.0.0
lrwxrwxrwx. 1 gen86 gen86      44 Jul 26 01:47 libssl.so -> /opt/CA/CAGen/runtime/lib/libssl.so.1.0.0
-r--r--r--. 1 gen86 gen86  517535 Sep 17 22:51 libssl.so.1.0.0


A normal build pulls in those libraries via "-lssl -lcrypto" in the link step (specified in $IEFH/make/ief_linux.h). Example output:

***
g++  -Wl,-Bdynamic   -o /home/gen86/rmt_files/callext1/SVR1
/home/gen86/rmt_files/callext1/gversion.o
/opt/CA/CAGen/runtime/obj/bgnunxt.o  /home/gen86/rmt_files/callext1/SVR1.o
/home/gen86/rmt_files/callext1/P1.o     /home/gen86/rmt_files/callext1/CAB2.o
/home/gen86/rmt_files/callext1/CAB1.o   -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lcsu -lcsuvn    -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lae_tx_c -lae_nodbms -ldprt -lae_common_c
-lae_userexits_c -lmbyte -lgxlate -lvwrt -labrt         -Wl,-Bdynamic   -lm -lc
-lpthread -lnsl  -lssl -lcrypto         -lncurses       >>
/home/gen86/rmt_files/callext1/SVR1.tmp

Install trancodes for SVR1


Completed SVR1

instmsgj SVR1 IEFSIGNAL:OK

***

If, in file $IEFH/ief_linux.h, "-lssl" is replaced with the Linux system OpenSSL library, e.g. /usr/lib64/libssl.so.10, as follows:

SYSLIBS = -lpthread -lnsl -lssl -lcrypto
->
SYSLIBS = -lpthread -lnsl /usr/lib64/libssl.so.10 -lcrypto

then the link fails with the undefined symbols problem:

***
g++  -Wl,-Bdynamic   -o /home/gen86/rmt_files/callext1/SVR1
/home/gen86/rmt_files/callext1/gversion.o
/opt/CA/CAGen/runtime/obj/bgnunxt.o  /home/gen86/rmt_files/callext1/SVR1.o
/home/gen86/rmt_files/callext1/P1.o     /home/gen86/rmt_files/callext1/CAB2.o
/home/gen86/rmt_files/callext1/CAB1.o   -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lcsu -lcsuvn    -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lae_tx_c -lae_nodbms -ldprt -lae_common_c
-lae_userexits_c -lmbyte -lgxlate -lvwrt -labrt         -Wl,-Bdynamic   -lm -lc
-lpthread -lnsl /usr/lib64/libssl.so.10 -lcrypto        -lncurses       >>
/home/gen86/rmt_files/callext1/SVR1.tmp
/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssl.so.10, may
conflict with libcrypto.so.1.0.0
/opt/CA/CAGen/runtime/lib/libabrt.so: undefined reference to
`SSL_CTX_set_srp_username'
/opt/CA/CAGen/runtime/lib/libabrt.so: undefined reference to
`SSL_CTX_set_srp_password'

collect2: error: ld returned 1 exit status

make: *** [/home/gen86/rmt_files/callext1/SVR1] Error 1

Error installing SVR1

ERROR Make failed!

instmsgj SVR1 IEFSIGNAL:FAIL

***

The 2 functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password do not exist in the OpenSSL library /usr/lib64/libssl.so.10, i.e. this command returns no results:
readelf -a /usr/lib64/libssl.so.10 | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'

However, the Gen 8.6 IT SSL library does have them:
readelf -a $IEFH/lib/libssl.so | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'
   465: 0000000000058e10    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_password
   857: 0000000000058d90    22 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username_
   923: 0000000000058e30    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username
   269: 0000000000058e10    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_password
   763: 0000000000058d90    22 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username_
  1037: 0000000000058e30    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username

Resolution

If the libssl.so library provided with the Gen IT ($IEFH/lib/libssl.so) is used in the link, this does not occur.
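
A check along these lines, run before the link step, shows whether a candidate libssl satisfies the SSL references that libabrt.so leaves undefined. This is an added example, not part of the Gen toolset or the original article; the function name missing_syms, the default ^SSL_ pattern and the SSL_CTX_new rows are assumptions made for the illustration.

```shell
#!/bin/sh
# missing_syms CONSUMER PROVIDER [PATTERN]   (hypothetical helper)
#   CONSUMER, PROVIDER: symbol tables as text in `readelf -Ws` layout
#   PATTERN: awk regex selecting which undefined symbols must be provided
# Prints each selected symbol that CONSUMER leaves undefined (Ndx = UND) and
# PROVIDER does not define; returns 1 if any is missing, 0 otherwise.
missing_syms() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk -v pat="${3:-^SSL_}" '
        $0 == "---" { consumer = 1; next }       # provider rows end here
        NF < 8      { next }                     # not a symbol-table row
        { name = $8; sub(/@.*/, "", name) }      # drop any @VERSION suffix
        !consumer && $7 != "UND" { defined[name] = 1; next }
        consumer && $7 == "UND" && name ~ pat && !(name in defined) && !(name in seen) {
            seen[name] = 1; print name; rc = 1
        }
        END { exit rc + 0 }'
}

# The SRP rows are the readelf output shown in this article;
# the SSL_CTX_new rows are constructed for the example.
ABRT_SYMS='184: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
287: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password
300: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_new'
GEN_SSL_SYMS='465: 0000000000058e10 24 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_password
923: 0000000000058e30 24 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_username
101: 0000000000040000 80 FUNC GLOBAL DEFAULT 12 SSL_CTX_new'
# Constructed stand-in for a libssl built without SRP: no SRP rows at all.
NOSRP_SSL_SYMS='101: 0000000000040000 80 FUNC GLOBAL DEFAULT 12 SSL_CTX_new'

for lib in GEN_SSL_SYMS NOSRP_SSL_SYMS; do
    eval "table=\$$lib"
    if out=$(missing_syms "$ABRT_SYMS" "$table"); then
        echo "$lib: all SSL_* references satisfied"
    else
        echo "$lib: missing:" $out
    fi
done
```

Against real files, pass "$(readelf -Ws $IEFH/lib/libabrt.so)" as the first argument and "$(readelf -Ws <candidate libssl>)" as the second; a non-zero return means the link would fail as shown above.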