[GemStone-Smalltalk] GBS8.7.1 + VW 9.3.1 + TLS/SSL external library conflicts on linux?

David Shaffer shaffer at shaffer-consulting.com
Fri Jun 7 09:00:27 PDT 2024 

For reference, here are some stack frames when supplied code is executed:
Unhandled exception: exception occured #(11 18446744073709551615)

----------------------------------------------------------------------
TLSPlugin.TLSInterface(ExternalInterface)>>externalAccessFailedWith:
Receiver:
	a TLSPlugin.TLSInterface
Arguments:
	errorCode = a SystemError(#'exception occured',#(11 18446744073709551615))
Temporaries:
	errorString = 'exception occured #(11 18446744073709551615)'
Context PC = 44

----------------------------------------------------------------------
TLSPlugin.TLSInterface>>sqDestroySSL:
Receiver:
	a TLSPlugin.TLSInterface
Arguments:
	handle = 1
Temporaries:
	_errorCode = a SystemError(#'exception occured',#(11 18446744073709551615))
Context PC = 10

----------------------------------------------------------------------
ExternalMethod>>unlinkedCall:arguments:
Receiver:
	an ExternalMethod
Instance Variables:
	bytes = a ByteArray[11]
	mclass = TLSPlugin.TLSInterface
	sourceCode = 45334173
	handle = 140290958596091
	specifierFlags = 18
	argumentKinds = a ByteArray[2]
	structArgSize = 0
	structReturnSize = 0
	datumClass = CDatum
	resultType = sqInt
	virtuals = nil
	methodSelector = #sqDestroySSL:
	external = #sqDestroySSL
Arguments:
	receiver = a TLSPlugin.TLSInterface
	arguments = an Array[1]
Context PC = 15

----------------------------------------------------------------------
optimized [] in TLSPlugin.TLSConnection>>close
Receiver:
	an UndefinedObject
Temporaries:
	.self = [1] 685437 TLSClientConnection #disconnected
Context PC = 7

----------------------------------------------------------------------
BlockClosure>>cull:
Receiver:
	a BlockClosure
Instance Variables:
	method = CompiledBlock [] in TLSPlugin.TLSConnection>>close
	outerContext = nil
	copiedValues = [1] 685437 TLSClientConnection #disconnected
Arguments:
	anObject = 1
Context PC = 10

----------------------------------------------------------------------
SmallInteger(Object)>>ifNotNil:
Receiver:
	a SmallInteger
Arguments:
	aBlock = BlockClosure [] in TLSPlugin.TLSConnection>>close
Context PC = 4

----------------------------------------------------------------------
TLSPlugin.TLSClientConnection(TLSPlugin.TLSConnection)>>close
Receiver:
	a TLSPlugin.TLSClientConnection
Instance Variables:
	subscriptionRegistry = nil
	timeout = 20000
	handle = 1
	tlsAppLayerProtocol = nil
	input = nil
	output = nil
	context = a TLSPlugin.TLSClientContext
	socket = an active SocketAccessor
	state = #disconnected
Context PC = 49

----------------------------------------------------------------------
TLSPlugin.TLSClientConnection(TLSPlugin.TLSConnection)>>processHandshakeError:
Receiver:
	a TLSPlugin.TLSClientConnection
Instance Variables:
	subscriptionRegistry = nil
	timeout = 20000
	handle = 1
	tlsAppLayerProtocol = nil
	input = nil
	output = nil
	context = a TLSPlugin.TLSClientContext
	socket = an active SocketAccessor
	state = #disconnected
Arguments:
	retCode = -5
Temporaries:
	err = 'Handshake failed:  sqConnectSSL: SSL_connect failed'
	text = 'Handshake failed:  sqConnectS...ed code: SQSSL_GENERIC_ERROR'
Context PC = 31

----------------------------------------------------------------------
TLSPlugin.TLSClientConnection>>doHandshake
Receiver:
	a TLSPlugin.TLSClientConnection
Instance Variables:
	subscriptionRegistry = nil
	timeout = 20000
	handle = 1
	tlsAppLayerProtocol = nil
	input = nil
	output = nil
	context = a TLSPlugin.TLSClientContext
	socket = an active SocketAccessor
	state = #disconnected
Temporaries:
	ret = -5
	sourceBuffer = a ByteArray[32768]
	destBuffer = a ByteArray[32768]
	srcSize = 0
Context PC = 53

----------------------------------------------------------------------
TLSPlugin.TLSClientConnection>>connect
Receiver:
	a TLSPlugin.TLSClientConnection
Instance Variables:
	subscriptionRegistry = nil
	timeout = 20000
	handle = 1
	tlsAppLayerProtocol = nil
	input = nil
	output = nil
	context = a TLSPlugin.TLSClientContext
	socket = an active SocketAccessor
	state = #disconnected
Context PC = 7


> On Jun 7, 2024, at 11:53 AM, David Shaffer <cdshaffer at acm.org> wrote:
> 
> I’m getting a walkback when making TLS/SSL requests in an image that also happens to be interacting with GemStone via RPC.  I’ve included a Smalltalk code fragment that reliably reproduces the problem in the latest Ubuntu docker image but I’m guessing that it has nothing to do with docker or ubuntu, in particular.  
> 
> To reproduce the problem, make sure that your ubuntu install includes libcrypto.so <http://libcrypto.so/> and libssl.so <http://libssl.so/> and set up VW as instructed in the VW docs:
> 
> export VW_LIBCRYPTO=“/path/to/libcrypto.so <http://libcrypto.so/>”
> export LD_LIBRARY_PATH=“/path/to”
> 
> Note that setting LD_LIBRARY_PATH is required so that the version of libcrypto that VW loads will correctly load libssl.  In my experience this problem is not sensitive to these settings so as long as you have HTTPS working in your VW image, you can probably still reproduce this problem.  Run a fresh VW 9.3.1 image and load the following parcels (the error does not seem sensitive to which parcels are loaded but for reproducibility’s sake best to load them as listed):
> 
> GbsRuntime
> TLS-Plugin
> HTTPS
> GemBuilderPatches — attached, includes a fix for missing #connectorsList method
> External-Cryptography
> 
> Start up a fresh GemStone database (version doesn’t seem to matter, I’m using 3.6.5 in production so I mostly tested there).  Run the following adjusting host names, ports and library names as needed.
> 
>     |p|
>     Transcript
>        show: (Crypto.LibCryptoEVPInterface versionString ifNil: ['nil']); 
>        cr; 
>        show: (Crypto.LibCryptoEVPInterface openSSLDir ifNil: ['nil']); 
>        cr.
>     TLSPlugin.TLSLinuxCertificate trustedCACerts: '/etc/ssl/certs/ca-certificates.crt’.    “Needed for HTTPS to google"
>     (GbsConfiguration default)
> 		alwaysUseGemCursor: false;
> 		confirm: false;
> 		generateClassConnectors: false;
> 		libraryName: './libgcirpc-3.6.5-64.so';
> 		removeInvalidConnectors: true;
> 		verbose: false;
> 		apply.
>     p := GbsSessionParameters
> 				newWithGemStoneName: ‘!@localhost#netldi:40055!gs64stone'
> 				username: 'SystemUser'
>                                 password: 'swordfish'.
>     p gemService: '!@172.17.0.3#netldi:40055!gemnetobject'.
>     p login.
>     Transcript show: 'https://www.google.com' asURI get printString; cr.
>     ObjectMemory quit.
> 
> You should get an error during closing of the HTTPS socket connected to google.  This problem is not particular to who you are making the HTTPS connection to so I just used google for simplicity.  In my experimentation, making EITHER of the following changes fixes the problem:
> 
> 1) copy the statement that causes HTTPS get request so that it occurs before the #login.  After that, all HTTPS requests will work fine.
> 
> 2) Remove the initial two references and message sends to Crypto.LibCryptoEVPInterface.
> 
> 
> This problem does not seem to occur in VW 9.1.1 and Cincom updated VW to use openssl3 somewhere between 9.1.1 and 9.3.1 so my /guess/ is that there is now an issue in resolution of external function calls to the libssl loaded by VW and the one loaded by GBS.
> 
> If anyone else is experiencing these problems the workaround is simple: make a successful SSL request (to anywhere) before logging into a GemStone DB.
> 
> Best,
> 
> David
> 
> <GemBuilderPatches.pst>
> <GemBuilderPatches.pcl>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gemtalksystems.com/mailman/archives/gemstone-smalltalk/attachments/20240607/8fbfb053/attachment-0001.htm>

More information about the GemStone-Smalltalk mailing list