CA Gen 8.6 Linux application calling secure web service (CALL EXTERNAL) fails build with undefined reference to `SSL_CTX_set_srp_username' and 'SSL_CTX_set_srp_password'
search cancel

CA Gen 8.6 Linux application calling secure web service (CALL EXTERNAL) fails build with undefined reference to `SSL_CTX_set_srp_username' and 'SSL_CTX_set_srp_password'

book

Article ID: 137185

calendar_today

Updated On:

Products

Gen

Issue/Introduction

When building one of our Gen modules we received some undefined symbols due to differing library version of SSL. (see below).

The situation is there are two SSL symbols that stop this CA GEn load module from being be built.

$ readelf -a $IEFH/lib/libabrt.so | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'
184: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
287: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password
34031: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_username
37773: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND SSL_CTX_set_srp_password


Using Red Hat Open SSL library for our link. The problem is that the RHEL 7.5 version of OpenSSL was built with the SRP option disabled, but CA’s libabrt.so was built on a system with that option enabled. The end result is that we have those 2 undefined symbols.


Environment

OS: RHEL 7.5, 7.6

Release : 8.6

Component : CA Gen Build Tool

Cause

User is not using Build Tool to build the application and is using manual steps which do not reference the ssl & crypto libraries provided as part of the Gen 8.6 IT (first provided in IR1 PTF rtx86100 for consuming secure web services but also updated in rtx86200)  e.g.

$ cd $IEFH/lib

$ ls -al *ssl* *crypto*

lrwxrwxrwx. 1 gen86 gen86      47 Jul 26 01:47 libcrypto.so -> /opt/CA/CAGen/runtime/lib/libcrypto.so.1.0.0

-r--r--r--. 1 gen86 gen86 2584702 Sep 17 22:51 libcrypto.so.1.0.0

lrwxrwxrwx. 1 gen86 gen86      44 Jul 26 01:47 libssl.so -> /opt/CA/CAGen/runtime/lib/libssl.so.1.0.0

-r--r--r--. 1 gen86 gen86  517535 Sep 17 22:51 libssl.so.1.0.0


A normal build pulls in those libraries in via "-lssl -lcrypto" in the link step (specified in $IEFH/make/ief_linux.h) e.g.  my SVR1.out shows:

***

g++  -Wl,-Bdynamic   -o /home/gen86/rmt_files/callext1/SVR1

/home/gen86/rmt_files/callext1/gversion.o

/opt/CA/CAGen/runtime/obj/bgnunxt.o  /home/gen86/rmt_files/callext1/SVR1.o

/home/gen86/rmt_files/callext1/P1.o     /home/gen86/rmt_files/callext1/CAB2.o

/home/gen86/rmt_files/callext1/CAB1.o   -Wl,-Bdynamic

-L/opt/CA/CAGen/runtime/lib -lcsu -lcsuvn    -Wl,-Bdynamic

-L/opt/CA/CAGen/runtime/lib -lae_tx_c -lae_nodbms -ldprt -lae_common_c

-lae_userexits_c -lmbyte -lgxlate -lvwrt -labrt         -Wl,-Bdynamic   -lm -lc

-lpthread -lnsl  -lssl -lcrypto         -lncurses       >>

/home/gen86/rmt_files/callext1/SVR1.tmp

Install trancodes for SVR1


Completed SVR1

instmsgj SVR1 IEFSIGNAL:OK

***


In file $IEFH/ief_linux.h if "-lssl" is replaced with the Linux system OpenSSL library e.g. usr/lib64/libssl.so.10 as follows:

SYSLIBS = -lpthread -lnsl -lssl -lcrypto

->

SYSLIBS = -lpthread -lnsl /usr/lib64/libssl.so.10 -lcrypto


Then the link will fail with the undefined symbols problem:

***

g++  -Wl,-Bdynamic   -o /home/gen86/rmt_files/callext1/SVR1

/home/gen86/rmt_files/callext1/gversion.o

/opt/CA/CAGen/runtime/obj/bgnunxt.o  /home/gen86/rmt_files/callext1/SVR1.o

/home/gen86/rmt_files/callext1/P1.o     /home/gen86/rmt_files/callext1/CAB2.o

/home/gen86/rmt_files/callext1/CAB1.o   -Wl,-Bdynamic

-L/opt/CA/CAGen/runtime/lib -lcsu -lcsuvn    -Wl,-Bdynamic

-L/opt/CA/CAGen/runtime/lib -lae_tx_c -lae_nodbms -ldprt -lae_common_c

-lae_userexits_c -lmbyte -lgxlate -lvwrt -labrt         -Wl,-Bdynamic   -lm -lc

-lpthread -lnsl /usr/lib64/libssl.so.10 -lcrypto        -lncurses       >>

/home/gen86/rmt_files/callext1/SVR1.tmp

/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssl.so.10, may

conflict with libcrypto.so.1.0.0

/opt/CA/CAGen/runtime/lib/libabrt.so: undefined reference to

`SSL_CTX_set_srp_username'

/opt/CA/CAGen/runtime/lib/libabrt.so: undefined reference to

`SSL_CTX_set_srp_password'

collect2: error: ld returned 1 exit status

make: *** [/home/gen86/rmt_files/callext1/SVR1] Error 1

Error installing SVR1

ERROR Make failed!

instmsgj SVR1 IEFSIGNAL:FAIL

***


The 2 functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password do not exist in OpenSSL library /usr/lib64/libssl.so.10 i.e. this command returns no results:

readelf -a /usr/lib64/libssl.so.10| egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'


However the Gen 8.6 IT SSL library does have them:

readelf -a $IEFH/lib/libssl.so | egrep '(SSL_CTX_set_srp_username|SSL_CTX_set_srp_password)'

   465: 0000000000058e10    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_password

   857: 0000000000058d90    22 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username_

   923: 0000000000058e30    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username

   269: 0000000000058e10    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_password

   763: 0000000000058d90    22 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username_

  1037: 0000000000058e30    24 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_srp_username

Resolution

If the provided Gen IT $IEFH/lib/libssl.so library is used in the link this problem will not occur.

Powered by Wolken Software