When building one of our Gen modules we received some undefined symbols due to differing library version of SSL. (see below).
The situation is there are two SSL symbols that stop this CA GEn load module from being be built.
$ readelf -a $IEFH/lib/libabrt.so | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'
184: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
287: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password
34031: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
37773: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password
Using Red Hat Open SSL library for our link. The problem is that the RHEL 7.5 version of OpenSSL was built with the SRP option disabled, but CA’s libabrt.so was built on a system with that option enabled. The end result is that we have those 2 undefined symbols.
OS: RHEL 7.5, 7.6
Release : 8.6
Component : CA Gen Build Tool
User is not using Build Tool to build the application and is using manual steps which do not reference the ssl & crypto libraries provided as part of the Gen 8.6 IT (first provided in IR1 PTF rtx86100 for consuming secure web services but also updated in rtx86200) e.g.
$ cd $IEFH/lib
$ ls -al *ssl* *crypto*
lrwxrwxrwx. 1 gen86 gen86 47 Jul 26 01:47 libcrypto.so -> /opt/CA/CAGen/runtime/lib/libcrypto.so.1.0.0
-r--r--r--. 1 gen86 gen86 2584702 Sep 17 22:51 libcrypto.so.1.0.0
lrwxrwxrwx. 1 gen86 gen86 44 Jul 26 01:47 libssl.so -> /opt/CA/CAGen/runtime/lib/libssl.so.1.0.0
-r--r--r--. 1 gen86 gen86 517535 Sep 17 22:51 libssl.so.1.0.0
A normal build pulls in those libraries in via "-lssl -lcrypto" in the link step (specified in $IEFH/make/ief_linux.h) e.g. my SVR1.out shows:
***
g++ -Wl,-Bdynamic -o /home/gen86/rmt_files/callext1/SVR1
/home/gen86/rmt_files/callext1/gversion.o
/opt/CA/CAGen/runtime/obj/bgnunxt.o /home/gen86/rmt_files/callext1/SVR1.o
/home/gen86/rmt_files/callext1/P1.o /home/gen86/rmt_files/callext1/CAB2.o
/home/gen86/rmt_files/callext1/CAB1.o -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lcsu -lcsuvn -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lae_tx_c -lae_nodbms -ldprt -lae_common_c
-lae_userexits_c -lmbyte -lgxlate -lvwrt -labrt -Wl,-Bdynamic -lm -lc
-lpthread -lnsl -lssl -lcrypto -lncurses >>
/home/gen86/rmt_files/callext1/SVR1.tmp
Install trancodes for SVR1
Completed SVR1
instmsgj SVR1 IEFSIGNAL:OK
***
In file $IEFH/ief_linux.h if "-lssl" is replaced with the Linux system OpenSSL library e.g. usr/lib64/libssl.so.10 as follows:
SYSLIBS = -lpthread -lnsl -lssl -lcrypto
->
SYSLIBS = -lpthread -lnsl /usr/lib64/libssl.so.10 -lcrypto
Then the link will fail with the undefined symbols problem:
***
g++ -Wl,-Bdynamic -o /home/gen86/rmt_files/callext1/SVR1
/home/gen86/rmt_files/callext1/gversion.o
/opt/CA/CAGen/runtime/obj/bgnunxt.o /home/gen86/rmt_files/callext1/SVR1.o
/home/gen86/rmt_files/callext1/P1.o /home/gen86/rmt_files/callext1/CAB2.o
/home/gen86/rmt_files/callext1/CAB1.o -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lcsu -lcsuvn -Wl,-Bdynamic
-L/opt/CA/CAGen/runtime/lib -lae_tx_c -lae_nodbms -ldprt -lae_common_c
-lae_userexits_c -lmbyte -lgxlate -lvwrt -labrt -Wl,-Bdynamic -lm -lc
-lpthread -lnsl /usr/lib64/libssl.so.10 -lcrypto -lncurses >>
/home/gen86/rmt_files/callext1/SVR1.tmp
/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssl.so.10, may
conflict with libcrypto.so.1.0.0
/opt/CA/CAGen/runtime/lib/libabrt.so: undefined reference to
`SSL_CTX_set_srp_username'
/opt/CA/CAGen/runtime/lib/libabrt.so: undefined reference to
`SSL_CTX_set_srp_password'
collect2: error: ld returned 1 exit status
make: *** [/home/gen86/rmt_files/callext1/SVR1] Error 1
Error installing SVR1
ERROR Make failed!
instmsgj SVR1 IEFSIGNAL:FAIL
***
The 2 functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password do not exist in OpenSSL library /usr/lib64/libssl.so.10 i.e. this command returns no results:
readelf -a /usr/lib64/libssl.so.10| egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'
However the Gen 8.6 IT SSL library does have them:
readelf -a $IEFH/lib/libssl.so | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'
465: 0000000000058e10 24 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_password
857: 0000000000058d90 22 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_username_
923: 0000000000058e30 24 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_username
269: 0000000000058e10 24 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_password
763: 0000000000058d90 22 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_username_
1037: 0000000000058e30 24 FUNC GLOBAL DEFAULT 12 SSL_CTX_set_srp_username
If the provided Gen IT $IEFH/lib/libssl.so library is used in the link this problem will not occur.