Comments (12)
Hi @kishorekrd
Looks like you are using BoringSSL. Do you see the same issue even with OpenSSL?
from nuraft.
Yes, I have seen 3 more different crashes in BoringSSL while running NuRaft. I did not change any NuRaft configuration. I built NuRaft with default configuration. I don't see BoringSSL installed on my system. Here is the list of ssl packages
$ sudo dpkg-query -l | grep -i ssl
ii libcurl4:amd64 7.58.0-2ubuntu3.12 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
ii libcurl4-openssl-dev:amd64 7.58.0-2ubuntu3.12 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libflac8:amd64 1.3.2-1 amd64 Free Lossless Audio Codec - runtime C library
ii libio-socket-ssl-perl 2.060-3~ubuntu18.04.1 all Perl module implementing object oriented interface to SSL sockets
ii libnet-smtp-ssl-perl 1.04-1 all Perl module providing SSL support to Net::SMTP
ii libnet-ssleay-perl 1.84-1ubuntu0.2 amd64 Perl module for Secure Sockets Layer (SSL)
ii libssl-dev:amd64 1.1.1-1ubuntu2.1~18.04.9 amd64 Secure Sockets Layer toolkit - development files
ii libssl1.0.0:amd64 1.0.2n-1ubuntu5.6 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.9 amd64 Secure Sockets Layer toolkit - shared libraries
ii libwavpack1:amd64 5.1.0-2ubuntu1.5 amd64 audio codec (lossy and lossless) - library
ii libxmlsec1-openssl:amd64 1.2.25-1build1 amd64 Openssl engine for the XML security library
ii libzstd1:amd64 1.3.3+dfsg-2ubuntu1.2 amd64 fast lossless compression algorithm
**ii openssl 1.1.1-1ubuntu2.1~18.04.9 amd64 Secure Sockets Layer toolkit - cryptographic utility**
ii perl-openssl-defaults:amd64 3build1 amd64 version compatibility baseline for Perl OpenSSL packages
ii python3-certifi 2018.1.18-2 all root certificates for validating SSL certs and verifying TLS hosts (python3)
ii python3-openssl 17.5.0-1ubuntu1 all Python 3 wrapper around the OpenSSL library
ii python3-service-identity 16.0.0-2 all Service identity verification for pyOpenSSL (Python 3 module)
from nuraft.
I think it is compiled with a custom library, not from the system path.
OPENSSL_free (orig_ptr=0x7fff480018f8) at external/boringssl/src/crypto/mem.c:154
What is the CMake message (when you do cmake ..) for SSL library path? It should be like this if it uses the system library:
-- Open SSL library path: /usr/lib/x86_64-linux-gnu/libssl.a
If it is not, you may manually add the path /usr/lib/x86_64-linux-gnu to CMakeLists.txt, so as to make it scanned first:
find_path(OPENSSL_LIBRARY_PATH
          NAMES libssl.a
          PATHS /usr/lib/x86_64-linux-gnu
                ${PROJECT_SOURCE_DIR}
                ${DEPS_PREFIX}/lib
                ${DEPS_PREFIX}/lib64
                /usr/local/opt/openssl/lib
                ${LIB_PATH_HINT})
from nuraft.
Yes, I see it
-- deps prefix is not given
-- Open SSL library path: /usr/lib/x86_64-linux-gnu/libssl.a
-- Output library file name: libnuraft.a
-- Configuring done
-- Generating done
Even though NuRaft is built with openssl, it is somehow using boringssl. Is there any way I can force Nuraft to use openssl?
from nuraft.
From what you shared, I think the below is the case
- Your NuRaft is built with OpenSSL (it is a static library so that NuRaft itself doesn't include OpenSSL objects).
- But, your executable binary (using NuRaft) is linked with BoringSSL.
To avoid such wrong linkage, you may need to
- Build NuRaft with BoringSSL, or
- Use OpenSSL for your executable binary.
from nuraft.
Thanks for the response. If I don't want to use SSL right now, can I use mock_ssl by disabling SSL?
cmake -DDISABLE_SSL=1 ../
from nuraft.
Yes you can. But does this happen even though you don't set below enable_ssl_ option?
asio_service::options asio_opt;
asio_opt.enable_ssl_ = true;
https://github.com/eBay/NuRaft/blob/master/docs/enabling_ssl.md
from nuraft.
Yes, that's correct. I have the following settings
asio_service::options asio_opt;
asio_opt.enable_ssl_ = false;
What is the default behavior?
from nuraft.
Default is false. I just wonder if this issue happens with the false option.
from nuraft.
Even with false, the issue is happening. I think the main issue is mixing openssl and Boringssl.
As you mentioned
To avoid such wrong linkage, you may need to
Build NuRaft with BoringSSL, or
Use OpenSSL for your executable binary.
from nuraft.
Hi, even though I disabled SSL for Nuraft build, I am still seeing asio running some ssl code.
Jun 13 20:39:27 -- Build type is not given, use default.
Jun 13 20:39:27 -- Build type: RelWithDebInfo
Jun 13 20:39:27 -- Build Install Prefix : /home/user/thirdparty/NuRaft/install
Jun 13 20:39:27 -- ASIO include path: /home/azureuser/work2/barrel/thirdparty/NuRaft/asio/asio/include
Jun 13 20:39:27 -- deps prefix is not given
Jun 13 20:39:27 -- ---- DISABLED SSL ----
Jun 13 20:39:27 -- Output library file name: libnuraft.a
How to disable SSL completely for Nuraft and also asio?
How can I build Nuraft with Boringssl?
I see flag OPENSSL_IS_BORINGSSL in asio code. How to use this flag?
from nuraft.
@kishorekrd
If -DDISABLE_SSL option is on, NuRaft does not even include SSL library (LIBSSL must be empty):
Lines 130 to 139 in 714db11
You can check symbols in libnuraft.a:
$ nm libnuraft.a -C | grep ssl
If it is compiled correctly, the only thing you can see should be mock_ssl.
from nuraft.
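The symbol check suggested in the last comment, scripted as an added example (not part of the original thread and not NuRaft's own code): it reads `nm -C` output on stdin, matches case-insensitively so that libssl's upper-case C symbols such as SSL_CTX_new are caught as well, and lists the undefined references that the final executable's SSL library would have to satisfy. The two nm listings and the symbol names in them are constructed sample data.

```shell
#!/bin/sh
# Added example: classify `nm -C libnuraft.a` output read from stdin.

# Every symbol line that mentions SSL (any case) and is not mock_ssl.
non_mock_ssl_symbols() {
    grep -i 'ssl' | grep -v 'mock_ssl' || true
}

# Only the undefined (type "U") references among those: these are resolved
# at final link time against whichever SSL library the executable pulls in.
undefined_ssl_refs() {
    non_mock_ssl_symbols |
        awk '$1 == "U" { sub(/^[ \t]*U[ \t]+/, ""); print }' | sort -u
}

# Verdict for a DISABLE_SSL build: "clean" when only mock_ssl shows up.
check_archive() {
    hits=$(non_mock_ssl_symbols)
    if [ -z "$hits" ]; then
        echo "clean"
    else
        echo "ssl-present"
    fi
}

# Constructed nm output for a build with SSL disabled (names illustrative).
SAMPLE_DISABLED='0000000000000000 T nuraft::mock_ssl_example()
0000000000000000 T nuraft::asio_service::stop()'

# Constructed nm output for a build that still references an SSL library.
SAMPLE_ENABLED='                 U SSL_CTX_new
                 U SSL_CTX_new
                 U SSL_CTX_free
0000000000000000 W asio::ssl::context::~context()
0000000000000000 T nuraft::asio_service::stop()'

echo "disabled build: $(printf '%s\n' "$SAMPLE_DISABLED" | check_archive)"
echo "enabled build:  $(printf '%s\n' "$SAMPLE_ENABLED" | check_archive)"
echo "undefined SSL references in enabled build:"
printf '%s\n' "$SAMPLE_ENABLED" | undefined_ssl_refs
```

Against a real build, pipe `nm -C libnuraft.a` into `check_archive` or `undefined_ssl_refs` instead of the sample strings.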