Fails to build on systems with OpenSSL 1.1.1

Question

Fails to build on systems with OpenSSL 1.1.1

Fanael opened this issue 6 years ago · 9 comments

Serenity pulls in native-tls 0.1.5, which depends on an old version of openssl that doesn't build on systems with OpenSSL 1.1.1.

Answer 1 · 2018-10-01T04:20:37.000Z

There's a compat branch that's working just fine (for me) with openssl v1.1.1 at ishitatsuyuki/rust-openssl, with a PR open against rust-openssl v0.9.x.

Try it yourself with a patch entry in Cargo.toml:

[patch.crates-io]
openssl = { git = "https://github.com/ishitatsuyuki/rust-openssl", branch = "0.9.x" }

Answer 2 · 2018-10-20T03:15:55.000Z

The PR has been closed, because apparently "0.9 is no longer supported" means "even if someone else does the work for us". :|

Answer 3 · 2018-11-06T01:32:46.000Z

Gonna start digging into upgrading some stuff on the serenity side to fix this, because as of now you can't build Serenity under Arch Linux, which is a huge pain.

Unfortunately there's another dependency that pulls in the old native-tls code: a crate called evzht9h3nznqzwl, which hasn't been updated in a year and has a description that makes you question why it was even used in the first place. Looks like it's an implementation of websockets.

Answer 4 · 2018-11-06T01:38:21.000Z

That crate is a fork of a websocket crate that fixed several issues at the time of its creation. The current solution until dependencies are worked out is to use the patch mentioned by @Celti. Said patch allows serenity to work as expected on platforms using newer OpenSSL versions.

Answer 5 · 2018-11-06T01:40:26.000Z

@Mishio595 What particular issues?

Just swapped it for websockets and all the tests pass. Gonna try running it.

Answer 6 · 2018-11-06T01:55:51.000Z

@ColonelThirtyTwo websockets-rs/rust-websocket#137

This causes any large payloads to often fail, for example GUILD_CREATEs of medium-large size guilds.

Answer 7 · 2019-05-24T21:13:33.000Z

Fixed in v0.6.0. Should be closed when it releases.

Answer 8 · 2019-08-25T20:42:57.000Z

How about 0.5.x users? I can't upgrade to 0.6 right now because the API is completely changed and it would take more time than I have in the immediate future (I'm looking at an upgrade later this month though).

I just ran apt update && apt full-upgrade on Ubuntu, it upgraded me to OpenSSL 1.1.1, and my Serenity-based bot is down. Even without recompiling, the TLS handshake code fails and it bombs. I'm afraid that's not OK, but the breakage is apparently on the OpenSSL side more than anything, since it breaks code that compiles and runs. I grabbed the hackaround from Celti above (thanks!) so stuff is compiling for now, but oof that isn't pretty.

Answer 9 · 2020-03-17T04:22:16.000Z

Since openssl 0.9 doesn't support OpenSSL 1.1.1,so that OpenSSL with old ver is needed
I fix this by manually set OPENSSL_DIR,OPENSSL_LIB_DIR,OPENSSL_INCLUDE_DIR to OpenSSL 1.0.1