[GemStone-Smalltalk] GBS8.7.1 + VW 9.3.1 + TLS/SSL external library conflicts on linux?

David Shaffer shaffer at shaffer-consulting.com
Fri Jun 7 08:53:05 PDT 2024 

I’m getting a walkback when making TLS/SSL requests in an image that also happens to be interacting with GemStone via RPC.  I’ve included a Smalltalk code fragment that reliably reproduces the problem in the latest Ubuntu docker image but I’m guessing that it has nothing to do with docker or ubuntu, in particular.  

To reproduce the problem, make sure that your ubuntu install includes libcrypto.so <http://libcrypto.so/> and libssl.so <http://libssl.so/> and set up VW as instructed in the VW docs:

export VW_LIBCRYPTO=“/path/to/libcrypto.so <http://libcrypto.so/>”
export LD_LIBRARY_PATH=“/path/to”

Note that setting LD_LIBRARY_PATH is required so that the version of libcrypto that VW loads will correctly load libssl.  In my experience this problem is not sensitive to these settings so as long as you have HTTPS working in your VW image, you can probably still reproduce this problem.  Run a fresh VW 9.3.1 image and load the following parcels (the error does not seem sensitive to which parcels are loaded but for reproducibility’s sake best to load them as listed):

GbsRuntime
TLS-Plugin
HTTPS
GemBuilderPatches — attached, includes a fix for missing #connectorsList method
External-Cryptography

Start up a fresh GemStone database (version doesn’t seem to matter, I’m using 3.6.5 in production so I mostly tested there).  Run the following adjusting host names, ports and library names as needed.

    |p|
    Transcript
       show: (Crypto.LibCryptoEVPInterface versionString ifNil: ['nil']); 
       cr; 
       show: (Crypto.LibCryptoEVPInterface openSSLDir ifNil: ['nil']); 
       cr.
    TLSPlugin.TLSLinuxCertificate trustedCACerts: '/etc/ssl/certs/ca-certificates.crt’.    “Needed for HTTPS to google"
    (GbsConfiguration default)
		alwaysUseGemCursor: false;
		confirm: false;
		generateClassConnectors: false;
		libraryName: './libgcirpc-3.6.5-64.so';
		removeInvalidConnectors: true;
		verbose: false;
		apply.
    p := GbsSessionParameters
				newWithGemStoneName: ‘!@localhost#netldi:40055!gs64stone'
				username: 'SystemUser'
                                password: 'swordfish'.
    p gemService: '!@172.17.0.3#netldi:40055!gemnetobject'.
    p login.
    Transcript show: 'https://www.google.com' asURI get printString; cr.
    ObjectMemory quit.

You should get an error during closing of the HTTPS socket connected to google.  This problem is not particular to who you are making the HTTPS connection to so I just used google for simplicity.  In my experimentation, making EITHER of the following changes fixes the problem:

1) copy the statement that causes HTTPS get request so that it occurs before the #login.  After that, all HTTPS requests will work fine.

2) Remove the initial two references and message sends to Crypto.LibCryptoEVPInterface.


This problem does not seem to occur in VW 9.1.1 and Cincom updated VW to use openssl3 somewhere between 9.1.1 and 9.3.1 so my /guess/ is that there is now an issue in resolution of external function calls to the libssl loaded by VW and the one loaded by GBS.

If anyone else is experiencing these problems the workaround is simple: make a successful SSL request (to anywhere) before logging into a GemStone DB.

Best,

David


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gemtalksystems.com/mailman/archives/gemstone-smalltalk/attachments/20240607/0ed3523b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GemBuilderPatches.pst
Type: application/octet-stream
Size: 1838 bytes
Desc: not available
URL: <http://lists.gemtalksystems.com/mailman/archives/gemstone-smalltalk/attachments/20240607/0ed3523b/attachment.obj>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gemtalksystems.com/mailman/archives/gemstone-smalltalk/attachments/20240607/0ed3523b/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GemBuilderPatches.pcl
Type: application/octet-stream
Size: 952 bytes
Desc: not available
URL: <http://lists.gemtalksystems.com/mailman/archives/gemstone-smalltalk/attachments/20240607/0ed3523b/attachment-0001.obj>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gemtalksystems.com/mailman/archives/gemstone-smalltalk/attachments/20240607/0ed3523b/attachment-0002.htm>

More information about the GemStone-Smalltalk mailing list