[
https://issues.apache.org/jira/browse/THRIFT-5706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721489#comment-17721489
]
Joe McDonnell edited comment on THRIFT-5706 at 5/11/23 4:35 AM:
----------------------------------------------------------------
The reason this was added is that OpenSSL can be built with TLS 1.0 / 1.1
defaulting to off. However, this is not specific to OpenSSL 3. On Ubuntu 20.04,
OpenSSL 1.1.1 is built with TLS 1.0/1.1 off by default. See this Ubuntu thread:
[https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464/3]
It seems like what we really want to do is set @SECLEVEL=1 for this test. On my
Ubuntu 20 setup, that works. We can check with Ubuntu 22 to see what happens
for OpenSSL 3. Edit: On Ubuntu 22 / OpenSSL 3, this would require @SECLEVEL=0
rather than 1.
was (Author: joemcdonnell):
The reason this was added is that OpenSSL can be built with TLS 1.0 / 1.1
defaulting to off. However, this is not specific to OpenSSL 3. On Ubuntu 20.04,
OpenSSL 1.1.1 is built with TLS 1.0/1.1 off by default. See this Ubuntu thread:
[https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464/3]
It seems like what we really want to do is set @SECLEVEL=1 for this test. On my
Ubuntu 20 setup, that works. We can check with Ubuntu 22 to see what happens
for OpenSSL 3.
> C++ SecurityTest/SecurityFromBufferTest won't build with OpenSSL v1
> -------------------------------------------------------------------
>
> Key: THRIFT-5706
> URL: https://issues.apache.org/jira/browse/THRIFT-5706
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.19.0
> Reporter: Joe McDonnell
> Priority: Major
>
> C++ SecurityTest / SecurityFromBufferTest hit this error when trying to build:
> {noformat}
> SecurityTest.cpp: In member function ‘void
> SecurityTest::ssl_security_matrix::test_method()’:
> SecurityTest.cpp:224:22: error: ‘OPENSSL_VERSION_MAJOR’ was not declared in
> this scope; did you mean ‘OPENSSL_VERSION_NUMBER’?
> 224 | bool ossl1 = OPENSSL_VERSION_MAJOR == 1;
> | ^~~~~~~~~~~~~~~~~~~~~
> | OPENSSL_VERSION_NUMBER
> make[5]: *** [Makefile:1407: SecurityTest.o] Error 1
> {noformat}
> OPENSSL_VERSION_MAJOR is new in OpenSSL 3. Older versions of OpenSSL used
> OPENSSL_VERSION_NUMBER. Here is the description from my Ubuntu 20 box:
> {noformat}
> /*-
> * Numeric release version identifier:
> * MNNFFPPS: major minor fix patch status
> * The status nibble has one of the values 0 for development, 1 to e for betas
> * 1 to 14, and f for release. The patch level is exactly that.
> * For example:
> * 0.9.3-dev 0x00903000
> * 0.9.3-beta1 0x00903001
> * 0.9.3-beta2-dev 0x00903002
> * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
> * 0.9.3 0x0090300f
> * 0.9.3a 0x0090301f
> * 0.9.4 0x0090400f
> * 1.2.3z 0x102031af
> *
> * For continuity reasons (because 0.9.5 is already out, and is coded
> * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
> * part is slightly different, by setting the highest bit. This means
> * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
> * with 0x0090600S...
> *
> * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
> * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
> * major minor fix final patch/beta)
> */
> # define OPENSSL_VERSION_NUMBER 0x1010106fL{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
