Comments (17)
https://github.com/ocsigen/eliom/actions/runs/8880329780/job/24380120879
from ocaml-ssl.
I’m not a home brew user so I’d appreciate some help figuring this out.
Would someone seeing this issue try to build ssl locally with OpenSSL 3.3 and paste the contents of the .sexp
files with flags?
from ocaml-ssl.
Adding the following step certainly fixed the issue:
- name: Re-install OpenSSL on macOS
if: runner.os == 'macOS'
run: brew update && brew reinstall openssl@3
from ocaml-ssl.
I'm experiencing this issue also.
An external web request in my Dream app fails.
This is the relevant section of the log:
...
...
30.04.24 02:23:14.889 dream.logger WARN REQ 22 Aborted by: SSL connection() error: error:14:000086:SSL routines::certificate verify failed
30.04.24 02:23:14.889 dream.logger WARN Raised by primitive operation at Ssl in file "src/ssl.ml", line 785, characters 14-33
30.04.24 02:23:14.889 dream.logger WARN Called from Lwt_ssl.wrap_call in file "src/lwt_ssl.ml", line 47, characters 4-8
30.04.24 02:23:14.889 dream.logger WARN Re-raised at Lwt_ssl.wrap_call in file "src/lwt_ssl.ml", line 57, characters 7-14
30.04.24 02:23:14.889 dream.logger WARN Called from Lwt_unix.retry_syscall in file "src/unix/lwt_unix.cppo.ml", line 509, characters 13-24
...
...
Installing OpenSSL 3.0 from Homebrew and linking to that makes the request work.
from ocaml-ssl.
What are the build errors?
from ocaml-ssl.
I'm packaging OpenSSL 3.3 for Nix here: NixOS/nixpkgs#308082
I don't see any failures there, which leads me to believe this could be a bug in the discover.ml
script just for homebrew?
from ocaml-ssl.
I don't have a Homebrew installation, so I'll need a little help here. The current discover.ml
script looks for a set of hardcoded paths on macOS. Could you check if these are still present for OpenSSL 3.3, or whether they have been changed for this release?
ocaml-ssl/src/config/discover.ml
Lines 6 to 13 in 05a3e8e
from ocaml-ssl.
Alternatively, could this be a homebrew packaging issue? e..g Homebrew/homebrew-core#169721 Homebrew/homebrew-core#169728
I'd be interested in checking whether builds are still failing after brew update
?
from ocaml-ssl.
https://github.com/ocsigen/eliom/actions/runs/8880329780/job/24380120879
@smorimoto could you point me to where OpenSSL 3.3 is being used here? The build looks like it's installing OpenSSL 3.0
from ocaml-ssl.
As far as I can see here: https://github.com/ocsigen/eliom/actions/runs/8880329780/job/24380120879#step:5:390
The path is here: /opt/homebrew/Cellar/openssl@3/3.3.0
from ocaml-ssl.
Do you know if multiple version of the package can coexist? because the step "Reinstall OpenSSL on macOS" is installing 3.0
from ocaml-ssl.
https://github.com/ocsigen/eliom/actions/runs/8880329780/job/24380120879
We are seeing the same issues when CI building ocaml.org (Issue: ocaml/ocaml.org#2395). Here is the relevant part of the log:
#=== ERROR while compiling ssl.0.7.0 ==========================================#
# context 2.1.5 | macos/arm64 | ocaml-base-compiler.4.14.1 | git+https://github.com/ocaml/opam-repository#8cc107f96e33a4601f7c39346eb19fbbe46486d3
# path ~/work/ocaml.org/ocaml.org/_opam/.opam-switch/build/ssl.0.7.0
# command ~/work/ocaml.org/ocaml.org/_opam/bin/dune build -p ssl -j 3 @install
# exit-code 1
# env-file ~/.opam/log/ssl-7020-69c5ca.env
# output-file ~/.opam/log/ssl-7020-69c5ca.out
### output ###
# (cd _build/default/src && /usr/bin/cc -O2 -fno-strict-aliasing -fwrapv -pthread -D_FILE_OFFSET_BITS=64 -I/opt/homebrew/Cellar/openssl@3/3.3.0/include -g -I /Users/runner/work/ocaml.org/ocaml.org/_opam/lib/ocaml -o ssl_stubs.o -c ssl_stubs.c)
# ssl_stubs.c:1142:5: warning: 'DH_free' is deprecated [-Wdeprecated-declarations]
# DH_free(dh);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/dh.h:211:1: note: 'DH_free' has been explicitly marked deprecated here
# OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:194:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
# # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
# # define OSSL_DEPRECATED(since) __attribute__((deprecated))
# ^
# ssl_stubs.c:1168:10: warning: 'EC_KEY_new_by_curve_name' is deprecated [-Wdeprecated-declarations]
# ecdh = EC_KEY_new_by_curve_name(nid);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/ec.h:1017:1: note: 'EC_KEY_new_by_curve_name' has been explicitly marked deprecated here
# OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:194:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
# # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
# # define OSSL_DEPRECATED(since) __attribute__((deprecated))
# ^
# ssl_stubs.c:1176:5: warning: 'EC_KEY_free' is deprecated [-Wdeprecated-declarations]
# EC_KEY_free(ecdh);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/ec.h:1022:1: note: 'EC_KEY_free' has been explicitly marked deprecated here
# OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:194:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
# # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
# # define OSSL_DEPRECATED(since) __attribute__((deprecated))
# ^
# ssl_stubs.c:2031:9: warning: 'PEM_read_bio_DHparams' is deprecated [-Wdeprecated-declarations]
# ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/pem.h:473:21: note: 'PEM_read_bio_DHparams' has been explicitly marked deprecated here
# DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:194:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
# # define OSSL_DEPRECATEDIN_3_0 OSSL_DEPRECATED(3.0)
# ^
# /opt/homebrew/Cellar/openssl@3/3.3.0/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'
# # define OSSL_DEPRECATED(since) __attribute__((deprecated))
# ^
# 4 warnings generated.
# File "src/dune", line 1, characters 0-259:
# 1 | (library
# 2 | (name ssl)
# 3 | (public_name ssl)
# ....
# 12 | (:include c_library_flags.sexp))
# 13 | (instrumentation
# 14 | (backend bisect_ppx)))
# (cd _build/default && /Users/runner/work/ocaml.org/ocaml.org/_opam/bin/ocamlmklib.opt -g -o src/ssl_stubs src/ssl_stubs.o -ldopt -L/opt/homebrew/Cellar/openssl@3/3.3.0 -ldopt -lssl -ldopt -lcrypto)
# ld: warning: -undefined suppress is deprecated
# ld: warning: -undefined suppress is deprecated
# ld: library 'ssl' not found
# clang: error: linker command failed with exit code 1 (use -v to see invocation)
<><> Error report <><><><><><><><><><><><><><><><><><><><><><><><><><><><><> 🐫
┌─ The following actions failed
│ λ build ssl 0.7.0
└─
from ocaml-ssl.
c_library_flags.sexp:
("-L/opt/homebrew/Cellar/openssl@3/3.3.0" "-lssl" "-lcrypto")
c_flags.sexp;
("-I/opt/homebrew/Cellar/openssl@3/3.3.0/include")
I tried to lookup the directory, and it seems the correct directory is located at /opt/homebrew/Cellar/openssl@3/3.3.0/lib
on my machine.
So as a temporary measurement to install the ssl
spam package I'm using
export LIBRARY_PATH=$LIBRARY_PATH:/opt/homebrew/Cellar/openssl@3/3.3.0/lib
Update: The issue disappeared after I reinstalled [email protected] using brew.
from ocaml-ssl.
Isn’t that Homebrew/homebrew-core#169728 then, as I pasted above?
from ocaml-ssl.
Oh sorry, I missed that. Looks pretty much exactly the issue.
from ocaml-ssl.
or, I guess that issue was for libcrypto, but we need a similar one for libssl?
from ocaml-ssl.
Thanks for confirming that it was a homebrew issue indeed.
from ocaml-ssl.
Related Issues (20)
- flush with non blocking socket must raise an exception HOT 2
- output_string should be a loop HOT 2
- TLSv1, TLSv1_1 and TLSv1_2 are deprecated HOT 6
- Bindings for more ERR_* functions HOT 2
- simplify/optimize c interface HOT 5
- Do not force SSL_MODE_AUTO_RETRY HOT 4
- dune runtest gives an error in ssl_error test HOT 14
- Naked pointer - ocaml_ssl_get_current_cipher
- With non blocking socket some functions are a bit useless as it is.
- GC-linked segfault using `ocaml-ssl`
- Ssl.input_string fails with Ssl.Read_error exception
- Downstream build broken after openssl 3.3.1 upgrade HOT 6
- TLS1_3_VERSION needs to be ifdef'ed HOT 3
- weird certificate issue on libera.chat HOT 2
- `<openssl/ssl.h>` No such file or directory on 4.12+options opam switch with `ocaml-option-static` HOT 1
- Linking with Ssl causes segfault on multicore OCaml HOT 2
- Build fail when installing with opam HOT 7
- New release? (0.5.11) HOT 2
- Wrong clause number in LGPL special exception HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ocaml-ssl.