rsyslog/librelp

Enabling OpenSSL TLS support causes symbols to be dropped from the library

mbiebl opened this issue · 11 comments

Version: 1.5.0

So far, I have disabled OpenSSL support in the Debian librelp package (via --disable-tls-openssl).
GnuTLS is enabled.

Turning on OpenSSL support results in the following diff of the library symbols:

+++ dpkg-gensymbolsIWQoLV	2020-01-14 18:05:47.328485132 +0100
@@ -133,9 +133,10 @@
  relpSrvSetUsrPtr@Base 0.1.3
  relpTcpAbortDestruct@Base 0.1.1
  relpTcpAcceptConnReq@Base 0.1.1
- relpTcpAcceptConnReqInitTLS_ossl@Base 1.4.0
+#MISSING: 1.5.0-1# relpTcpAcceptConnReqInitTLS_ossl@Base 1.4.0
+ relpTcpChkPeerAuth@Base 1.5.0-1
  relpTcpConnect@Base 0.1.1
- relpTcpConnectTLSInit_ossl@Base 1.4.0
+#MISSING: 1.5.0-1# relpTcpConnectTLSInit_ossl@Base 1.4.0
  relpTcpConstruct@Base 0.1.1
  relpTcpDestruct@Base 0.1.1
  relpTcpDestructTLS@Base 1.4.0
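
Review bot: the two `#MISSING: 1.5.0-1#` lines in this hunk remove relpTcpAcceptConnReqInitTLS_ossl and relpTcpConnectTLSInit_ossl, both recorded as exported since 1.4.0, and a symbol that disappears from a library with a recorded symbols file is a potential ABI break. Either keep them exported in the OpenSSL build, or drop them from the symbols file deliberately after confirming that no reverse dependency links against them.
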
@@ -144,11 +145,13 @@
  relpTcpEnableTLS@Base 1.1.0
  relpTcpEnableTLSZip@Base 1.1.1
  relpTcpGetRtryDirection@Base 1.1.0
- relpTcpGetRtryDirection_ossl@Base 1.4.0
+#MISSING: 1.5.0-1# relpTcpGetRtryDirection_ossl@Base 1.4.0
  relpTcpHintBurstBegin@Base 1.1.4
  relpTcpHintBurstEnd@Base 1.1.4
+ relpTcpLastSSLErrorMsg@Base 1.5.0-1
  relpTcpLstnInit@Base 0.1.1
- relpTcpLstnInitTLS_ossl@Base 1.4.0
+#MISSING: 1.5.0-1# relpTcpLstnInitTLS_ossl@Base 1.4.0
+ relpTcpPostHandshakeCheck@Base 1.5.0-1
  relpTcpRcv@Base 0.1.1
  relpTcpRcv_gtls@Base 1.4.0
  relpTcpRcv_ossl@Base 1.4.0
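
Review bot: relpTcpRcv_gtls and relpTcpRcv_ossl stay exported in the context lines at the end of this hunk while relpTcpGetRtryDirection_ossl and relpTcpLstnInitTLS_ossl go `#MISSING`, so which backend-suffixed functions are exported differs from function to function within the same build. An explicit export list or hidden default visibility would make the exported set the same for every function and every configure option.
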
@@ -168,4 +171,5 @@
  relpTcpSetPrivKey@Base 1.1.3
  relpTcpSetTlsConfigCmd@Base 1.5.0
  relpTcpSetUsrPtr@Base 1.1.3
+ relpTcpSslInitCerts@Base 1.5.0-1
  relpTcpWaitWriteable@Base 1.1.4
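
Review bot: accepting the `+ relpTcpSslInitCerts@Base 1.5.0-1` line records this function as part of the package's ABI from 1.5.0-1 onward. If it is not declared in the public header, keep it out of the export list instead of adding it to the symbols file; removing it later would show up as another `#MISSING` entry.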

Apparently, enabling OpenSSL support causes relpTcpAcceptConnReqInitTLS_ossl, relpTcpConnectTLSInit_ossl, relpTcpGetRtryDirection_ossl and relpTcpLstnInitTLS_ossl to be dropped from the library.
Is this expected?

It seems that if you enable OpenSSL or GnuTLS support, the stub functions are exported as symbols. Once you enable OpenSSL or GnuTLS, the symbols are no longer exported.
Can be verified with nm -gD /path/to/librelp.so

@rgerhards any ideas why some of the _ossl symbols go missing once I build with --enable-tls-openssl?
Why are the _gtls and _ossl symbols exported at all?

Looking more closely, there are many more symbols that are not part of the public API and should thus be private and hidden but are currently exposed as part of the library.

relpCCServerclose
relpCltConstruct
relpCltDestruct
relpEngineCallOnGenericErr
relpEngineDispatchFrame
relpFrameBuildSendbuf
relpFrameConstruct
relpFrameConstructWithData
relpFrameDestruct
relpFrameGetNextC
relpFrameProcessOctetRcvd
relpFrameRewriteTxnr
relpFrameSetCmd
relpFrameSetData
relpFrameSetTxnr
relpOfferAdd
relpOfferValueAdd
relpOffersConstruct
relpOffersConstructFromFrame
relpOffersDestruct
relpOffersToString
relpSCClose
relpSCInit
relpSCRsp
relpSCSyslog
relpSendbufConstruct
relpSendbufDestruct
relpSendbufSend
relpSendbufSendAll
relpSendbufSetData
relpSendqAddBuf
relpSendqConstruct
relpSendqDelFirstBuf
relpSendqDestruct
relpSendqIsEmpty
relpSendqSend
relpSessAcceptAndConstruct
relpSessAddUnacked
relpSessCltConnChkOffers
relpSessConnect
relpSessConstruct
relpSessConstructOffers
relpSessDestruct
relpSessEnableTLS
relpSessEnableTLSZip
relpSessGetUnacked
relpSessRcvData
relpSessSendCommand
relpSessSendResponse
relpSessSendSyslog
relpSessSetAuthMode
relpSessSetCACert
relpSessSetClientIP
relpSessSetConnTimeout
relpSessSetEnableCmd
relpSessSetGnuTLSPriString
relpSessSetMaxDataSize
relpSessSetOwnCert
relpSessSetPermittedPeers
relpSessSetPrivKey
relpSessSetProtocolVersion
relpSessSetTimeout
relpSessSetTlsConfigCmd
relpSessSetUsrPtr
relpSessSetWindowSize
relpSessSndData
relpSessTryReestablish
relpSrvConstruct
relpSrvDestruct
relpSrvRun
relpSrvSetEnableCmd
relpSrvSetFamily
relpTcpAbortDestruct
relpTcpAcceptConnReq
relpTcpAcceptConnReqInitTLS_gtls
relpTcpAcceptConnReqInitTLS_ossl
relpTcpConnect
relpTcpConnectTLSInit_gtls
relpTcpConnectTLSInit_ossl
relpTcpConstruct
relpTcpDestruct
relpTcpDestructTLS
relpTcpDestructTLS_gtls
relpTcpDestructTLS_ossl
relpTcpEnableTLS
relpTcpEnableTLSZip
relpTcpGetRtryDirection
relpTcpGetRtryDirection_gtls
relpTcpGetRtryDirection_ossl
relpTcpHintBurstBegin
relpTcpHintBurstEnd
relpTcpLstnInit
relpTcpLstnInitTLS_gtls
relpTcpLstnInitTLS_ossl
relpTcpRcv
relpTcpRcv_gtls
relpTcpRcv_ossl
relpTcpRtryHandshake
relpTcpRtryHandshake_gtls
relpTcpRtryHandshake_ossl
relpTcpSend
relpTcpSend_gtls
relpTcpSend_ossl
relpTcpSetAuthMode
relpTcpSetCACert
relpTcpSetConnTimeout
relpTcpSetDHBits
relpTcpSetGnuTLSPriString
relpTcpSetOwnCert
relpTcpSetPermittedPeers
relpTcpSetPrivKey
relpTcpSetTlsConfigCmd
relpTcpSetUsrPtr
relpTcpTLSSetPrio_gtls
relpTcpWaitWriteable
relpTcpSslInitCerts
relpTcpPostHandshakeCheck
relpTcpLastSSLErrorMsg
relpTcpChkPeerAuth

@alorbach can you pls have a look

The *_gtls and *_ossl functions are driver specific versions for either gnutls or openssl.
That those functions are exported is unintended and will be fixed.

@alorbach I think we can say that the public API never contains "_" and reserve that for the drivers.

Thanks, with 1.6.0 the _gtls and _ossl symbols are no longer exported.

There is still a mismatch though between what's exposed in the API (librelp.h) and the list of symbols exported by the .so. See #179 (comment)

Should I open a separate issue for that?

> There is still a mismatch though between what's exposed in the API (librelp.h) and the list of symbols exported by the .so. See #179 (comment)

I admit I overlooked that part.

> Should I open a separate issue for that?

Would be great!

side-note: we plan to do another update to librelp in the not so distant future as we have observed a memory leak during recent testing. This was already present and is no regression, but we want to iron it out (and wanted to do so without holding the more pressing bug fixes).

Ok, I'll compile an up-to-date list then for 1.6.0

Done as #187
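
Added example, not part of the thread and not librelp project code: a shell audit that combines the two checks discussed above, the `nm -gD` verification and the proposed convention that "_" is reserved for the TLS drivers, and additionally lists exported symbols that the public header does not declare. The function names, the sample `nm` output and the one-line header excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example (not librelp project code). Sample inputs are constructed.

# Names of defined, exported symbols from `nm -gD` output on stdin.
exported_symbols() {
    awk 'NF == 3 && $2 ~ /^[TW]$/ { sub(/@.*/, "", $3); print $3 }' |
        LC_ALL=C sort -u
}

# Exported names containing "_": the thread proposes reserving "_" for the
# TLS drivers, so any hit here is a driver function leaking into the ABI.
driver_symbols() {
    exported_symbols | { grep '_' || true; }
}

# Function names declared in a C header on stdin (relp* followed by "(").
declared_symbols() {
    { grep -oE 'relp[A-Za-z0-9_]+[[:space:]]*\(' || true; } |
        sed -E 's/[[:space:]]*\($//' | LC_ALL=C sort -u
}

# undeclared_exports NM_OUTPUT HEADER: exported but absent from the header.
undeclared_exports() {
    work=$(mktemp -d) || return 1
    exported_symbols < "$1" > "$work/exported"
    declared_symbols < "$2" > "$work/declared"
    LC_ALL=C comm -23 "$work/exported" "$work/declared"
    rm -rf "$work"
}

# Constructed sample data standing in for `nm -gD librelp.so` and librelp.h.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/nm.txt" <<'EOF'
                 U malloc
0000000000004a10 T relpSrvSetUsrPtr
0000000000005b20 T relpSessConnect
0000000000007c30 T relpTcpRcv_gtls
0000000000007d40 T relpTcpRcv_ossl
EOF
cat > "$SAMPLE/librelp.h" <<'EOF'
relpRetVal relpSrvSetUsrPtr(relpSrv_t *pThis, void *pUsr);
EOF

echo "driver symbols:"; driver_symbols < "$SAMPLE/nm.txt"
echo "not in header:";  undeclared_exports "$SAMPLE/nm.txt" "$SAMPLE/librelp.h"
```

Run against a real build by replacing the sample files with the output of `nm -gD /path/to/librelp.so` and the installed header; a non-empty result from either function means the exported set is wider than the documented API.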