[Pkg-openssl-devel] [Pkg-salt-team] Bug#844503: Acknowledgement (salt-call fails with libcrypto.so.1.1: undefined symbol: OPENSSL_no_config)

Emilio Pozuelo Monfort pochu at debian.org
Wed Nov 23 17:09:24 UTC 2016 

On Fri, 18 Nov 2016 15:22:07 +0100 Benjamin Drung
<benjamin.drung at profitbricks.com> wrote:
> tags 844503 upstream
> forwarded 844503 https://github.com/saltstack/salt/pull/37772
> thanks
> 
> Am Donnerstag, den 17.11.2016, 21:50 +0100 schrieb Sebastian Andrzej
> Siewior:
> > control: tags -1 patch
> > 
> > On 2016-11-16 12:14:43 [+0100], Filip Pytloun wrote:
> > > To reproduce the issue simply install salt-master and run salt-
> > > call:
> > > 
> > > Â Â Â Â apt-get install salt-master
> > > Â Â Â Â salt-call
> > > 
> > > Following exception will occur:
> > > 
> > > Traceback (most recent call last):
> > > Â  File "/usr/bin/salt-call", line 11, in <module>
> > > Â Â Â Â salt_call()
> > 
> > …
> > > Â  File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py",
> > > line 63, in _init_libcrypto
> > > Â Â Â Â libcrypto.OPENSSL_no_config()
> > > Â  File "/usr/lib/python2.7/ctypes/__init__.py", line 375, in
> > > __getattr__
> > > Â Â Â Â func = self.__getitem__(name)
> > > Â  File "/usr/lib/python2.7/ctypes/__init__.py", line 380, in
> > > __getitem__
> > > Â Â Â Â func = self._FuncPtr((name_or_ordinal, self))
> > > AttributeError: /lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined
> > > symbol: OPENSSL_no_config
> > 
> > the problem is that salt/rsax931.py loads the library manually and
> > expects certain symbols which are no longer available in OpenSSL
> > 1.1.0.
> > And it loads the first libcrypto it finds plus has no dependency on
> > openssl.
> 
> Instead of forcing salt to use OpenSSL 1.0, let's try to make it work
> with OpenSSL 1.1. Adjusting the initialization to work with OpenSSL 1.1
> was quite easy. I forwarded the patch upstream to
> https://github.com/saltstack/salt/pull/37772 to get it reviewed and
> accepted.

Nice.

Do you want to wait for upstream before uploading this? It is going to block
openssl 1.1 from entering testing due to the Breaks that it got, which in turn
is blocking quite a bunch of stuff. So it'd be good to get this fixed soon.

Thanks,
Emilio

More information about the Pkg-openssl-devel mailing list