Project

General

Profile

Actions

Bug #9714

closed

Ruby configured to call OpenSSL engine API when it shouldn't

Added by steakknife (Barry Allard) over 10 years ago. Updated about 8 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
ruby 2.1.1p76 (2014-02-24 revision 45161) [x86_64-darwin13.0]
[ruby-core:61905]

Description

(This issue is NOT related to the Heartbleed vulnerability.)

There is an issue compiling under OSX where system dependencies and homebrew dependencies get mixed together, resulting in an incorrectly configured Ruby which fails at runtime.

The attached patch to ext/openssl/ossl.h checks the actual configuration from openssl/ssl.h:

#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ST_ENGINE) && !defined(OPENSSL_NO_ENGINE)

instead of just

#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ST_ENGINE)

Patches

(Patches also available at https://gist.github.com/10092587)

Testing

I've tested it on several ruby 1.9.x - 2.1.1 rebuilt from source, and it seems to Do The Right Thing (tm).

All Rubies fail in a similar manner, which was expected.

Environment

Ruby 2.1.1 configure options:

--with-openssl-dir=/usr/local/opt/openssl --disable-install-doc --enable-shared

OpenSSL 1.0.1g Configure options:

zlib-dynamic shared enable-cms no-hw no-rdrand no-sctp no-md4 no-mdc2 no-rc4 no-fips no-engine

Symptoms

0 ~ ❯❯❯ gem list a -r

*** REMOTE GEMS ***

/usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': dlopen(/usr/local/ruby/ruby-2.1.1/lib/ruby/2.1.0/x86_64-darwin13.0/openssl.bundle, 9): Symbol not found: _ENGINE_free (LoadError)
  Referenced from: /usr/local/ruby/ruby-2.1.1/lib/ruby/2.1.0/x86_64-darwin13.0/openssl.bundle
  Expected in: /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib
 in /usr/local/ruby/ruby-2.1.1/lib/ruby/2.1.0/x86_64-darwin13.0/openssl.bundle - /usr/local/ruby/ruby-2.1.1/lib/ruby/2.1.0/x86_64-darwin13.0/openssl.bundle
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/2.1.0/openssl.rb:17:in `<top (required)>'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/2.1.0/net/https.rb:22:in `<top (required)>'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/request.rb:39:in `configure_connection_for_https'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/request.rb:93:in `connection_for'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/request.rb:122:in `fetch'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/remote_fetcher.rb:337:in `request'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/remote_fetcher.rb:231:in `fetch_http'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/remote_fetcher.rb:266:in `fetch_path'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/remote_fetcher.rb:296:in `cache_update_path'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/source.rb:177:in `load_specs'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/spec_fetcher.rb:266:in `tuples_for'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/spec_fetcher.rb:226:in `block in available_specs'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/source_list.rb:97:in `each'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/source_list.rb:97:in `each_source'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/spec_fetcher.rb:222:in `available_specs'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/spec_fetcher.rb:147:in `detect'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/commands/query_command.rb:167:in `show_gems'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/commands/query_command.rb:109:in `block in execute'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/commands/query_command.rb:109:in `each'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/commands/query_command.rb:109:in `execute'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/command.rb:305:in `invoke_with_build_args'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/command_manager.rb:167:in `process_args'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/command_manager.rb:137:in `run'
	from /usr/local/ruby/ruby-2.1.1/lib/ruby/site_ruby/2.1.0/rubygems/gem_runner.rb:54:in `run'
	from /usr/local/ruby/ruby-2.1.1/bin/gem:21:in `<main>'
1 ~ ❯❯❯

Files

fix_ruby_openssl_no_engine.2.x.diff (442 Bytes) fix_ruby_openssl_no_engine.2.x.diff 2.0.0 + steakknife (Barry Allard), 04/08/2014 05:11 AM
fix_ruby_openssl_no_engine.1.9.x.diff (442 Bytes) fix_ruby_openssl_no_engine.1.9.x.diff < 2.0.0 steakknife (Barry Allard), 04/08/2014 05:12 AM
Actions #1

Updated by zzak (zzak _) over 9 years ago

  • Assignee set to 7150

Updated by rhenium (Kazuki Yamaguchi) about 8 years ago

  • Status changed from Open to Rejected

Indeed we should check for OPENSSL_NO_ENGINE instead of the existence of openssl/engine.h, and it's actually done in trunk (r55162).

However it is strange that this causes a runtime error. The existence of the header is checked by the have_header defined in mkmf, which sees if a code like this can be successfully preprocessed or not:

#include "ruby.h"

#include <openssl/engine.h>

This should work even if openssl/engine.h erroneously exists because openssl/engine.h checks that OPENSSL_NO_ENGINE is not defined, otherwise causes a fatal error using #error directive.

Actions

Also available in: Atom PDF

Like0
Like0Like0