Unable to build qtnetwork 5.15.11 due to invalid SSL
-
Hello guys,
i am trying to update to the latest QT ver in Gentoo repo and cannot build the qtnetwork package due to this error:
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: .obj/qsslsocket_openssl_symbols.o: in function `q_SSL_get_peer_certificate(ssl_st*)': qsslsocket_openssl_symbols.cpp:(.text+0xc81): undefined reference to `SSL_get_peer_certificate' /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: .obj/qsslsocket_openssl_symbols.o: in function `q_EVP_PKEY_base_id(evp_pkey_st*)': qsslsocket_openssl_symbols.cpp:(.text+0xc91): undefined reference to `EVP_PKEY_base_id' collect2: error: ld returned 1 exit status make: *** [Makefile:601: ../../lib/libQt5Network.so.5.15.11] Error 1
So first i validated the build log and this is what i see:
Checking for OpenSSL... Trying source 0 (type openssl) of library openssl ... $OPENSSL_LIBS is not set. => source produced no result. Trying source 1 (type inline) of library openssl ... => source failed condition 'config.win32'. Trying source 2 (type inline) of library openssl ... => source failed condition 'config.msvc'. Trying source 3 (type inline) of library openssl ... => source failed condition 'config.android'. Trying source 4 (type inline) of library openssl ... + cd /var/tmp/portage/dev-qt/qtnetwork-5.15.11/work/qtbase-everywhere-src-5.15.11_build/config.tests/openssl && /var/tmp/portage/dev-qt/qtnetwork-5.15.11/work/qtbase-everywhere-src-5.15.11_build/bin/qmake "CONFIG -= qt debug_and_release app_bundle lib_bundle" "CONFIG += shared warn_off console single_arch" QMAKE_AR=x86_64-pc-linux-gnu-ar QMAKE_CC=x86_64-pc-linux-gnu-gcc QMAKE_LINK_C=x86_64-pc-linux-gnu-gcc QMAKE_LINK_C_SHLIB=x86_64-pc-linux-gnu-gcc QMAKE_CXX=x86_64-pc-linux-gnu-g++ QMAKE_LINK=x86_64-pc-linux-gnu-g++ QMAKE_LINK_SHLIB=x86_64-pc-linux-gnu-g++ QMAKE_OBJCOPY=x86_64-pc-linux-gnu-objcopy QMAKE_RANLIB= QMAKE_STRIP=x86_64-pc-linux-gnu-strip 'QMAKE_CFLAGS=-march=znver3 -O2 -pipe' QMAKE_CFLAGS_RELEASE= QMAKE_CFLAGS_DEBUG= 'QMAKE_CXXFLAGS=-march=znver3 -O2 -pipe' QMAKE_CXXFLAGS_RELEASE= QMAKE_CXXFLAGS_DEBUG= 'QMAKE_LFLAGS=-Wl,-O1 -Wl,--as-needed' QMAKE_LFLAGS_RELEASE= QMAKE_LFLAGS_DEBUG= 'QMAKE_USE += openssl' 'QMAKE_LIBS_OPENSSL = -lssl -lcrypto' /var/tmp/portage/dev-qt/qtnetwork-5.15.11/work/qtbase-everywhere-src-5.15.11_build/config.tests/openssl + cd /var/tmp/portage/dev-qt/qtnetwork-5.15.11/work/qtbase-everywhere-src-5.15.11_build/config.tests/openssl && MAKEFLAGS= /usr/bin/gmake > x86_64-pc-linux-gnu-g++ -c -march=znver3 -O2 -pipe -w -fPIC -I. -I/var/tmp/portage/dev-qt/qtnetwork-5.15.11/work/qtbase-everywhere-src-5.15.11/mkspecs/linux-g++ -o main.o main.cpp > x86_64-pc-linux-gnu-g++ -Wl,-O1 -Wl,--as-needed -o openssl main.o -lssl -lcrypto => source accepted. test config.qtbase_network.libraries.openssl succeeded
so seems like openssl is found correctly. next, it was set to the linked option by cmake:
Note: Option 'gssapi' with value 'no' was specified twice Note: Option 'libproxy' with value 'no' was specified twice Note: Overriding option 'openssl' with 'linked' (was: 'no') Note: When linking against OpenSSL, you can override the default library names through OPENSSL_LIBS. For example: OPENSSL_LIBS='-L/opt/ssl/lib -lssl -lcrypto' ./configure -openssl-linked
but next it was failed with the error above:
x86_64-pc-linux-gnu-g++ -Wl,-O1 -Wl,--as-needed -Wl,--no-undefined -Wl,--version-script,QtNetwork.version -Wl,--enable-new-dtags -shared -Wl,-Bsymbolic-functions -Wl,-soname,libQt5Network.so.5 -o libQt5Network.so.5.15.11 .obj/qnetworkaccessauthenticationmanager.o .obj/qnetworkaccessmanager.o .obj/qnetworkaccesscache.o .obj/qnetworkaccessbackend.o .obj/qnetworkaccessdebugpipebackend.o .obj/qnetworkaccessfilebackend.o .obj/qnetworkaccesscachebackend.o .obj/qnetworkcookie.o .obj/qnetworkcookiejar.o .obj/qnetworkrequest.o .obj/qnetworkreply.o .obj/qnetworkreplyimpl.o .obj/qnetworkreplydataimpl.o .obj/qnetworkreplyfileimpl.o .obj/qabstractnetworkcache.o .obj/qnetworkfile.o .obj/qhsts.o .obj/qhstspolicy.o .obj/qftp.o .obj/qnetworkaccessftpbackend.o .obj/qnetworkdiskcache.o .obj/qhstsstore.o .obj/bitstreams.o .obj/huffman.o .obj/hpack.o .obj/hpacktable.o .obj/http2frames.o .obj/http2streams.o .obj/http2protocol.o .obj/qabstractprotocolhandler.o .obj/qhttp2protocolhandler.o .obj/qhttpmultipart.o .obj/qhttpnetworkconnection.o .obj/qhttpnetworkconnectionchannel.o .obj/qhttpnetworkheader.o .obj/qhttpnetworkreply.o .obj/qhttpnetworkrequest.o .obj/qhttpprotocolhandler.o .obj/qhttpthreaddelegate.o .obj/qnetworkreplyhttpimpl.o .obj/qhttp2configuration.o .obj/qspdyprotocolhandler.o .obj/qnetworksession.o .obj/qnetworkconfigmanager.o .obj/qnetworkconfiguration.o .obj/qnetworkconfigmanager_p.o .obj/qbearerengine.o .obj/qbearerplugin.o .obj/qsharednetworksession.o .obj/qauthenticator.o .obj/qhostaddress.o .obj/qhostinfo.o .obj/qnetworkdatagram.o .obj/qnetworkinterface.o .obj/qnetworkproxy.o .obj/qurlinfo.o .obj/qdnslookup.o .obj/qdnslookup_unix.o .obj/qhostinfo_unix.o .obj/qnetworkinterface_linux.o .obj/qnetconmonitor_stub.o .obj/qnetworkproxy_generic.o .obj/qabstractsocketengine.o .obj/qabstractsocket.o .obj/qtcpsocket.o .obj/qudpsocket.o .obj/qtcpserver.o .obj/qsocks5socketengine.o .obj/qhttpsocketengine.o .obj/qnativesocketengine.o .obj/qnativesocketengine_unix.o .obj/qlocalsocket.o .obj/qlocalserver.o .obj/qlocalsocket_unix.o .obj/qlocalserver_unix.o .obj/qasn1element.o .obj/qssl.o .obj/qsslcertificate.o .obj/qsslcertificateextension.o .obj/qsslconfiguration.o .obj/qsslcipher.o .obj/qssldiffiehellmanparameters.o .obj/qsslellipticcurve.o .obj/qsslkey_p.o .obj/qsslerror.o .obj/qsslsocket.o .obj/qsslpresharedkeyauthenticator.o .obj/qocspresponse.o .obj/qdtls.o .obj/qsslsocket_openssl_symbols.o .obj/qssldiffiehellmanparameters_openssl.o .obj/qsslcertificate_openssl.o .obj/qsslellipticcurve_openssl.o .obj/qsslkey_openssl.o .obj/qsslsocket_openssl.o .obj/qsslcontext_openssl.o .obj/qdtls_openssl.o .obj/qpassworddigestor.o .obj/moc_qnetworkaccesscache_p.o .obj/moc_qnetworkaccessbackend_p.o .obj/moc_qnetworkaccessdebugpipebackend_p.o .obj/moc_qnetworkaccessfilebackend_p.o .obj/moc_qnetworkcookiejar.o .obj/moc_qnetworkreply.o .obj/moc_qabstractnetworkcache.o .obj/moc_qnetworkfile_p.o .obj/moc_qnetworkaccessftpbackend_p.o .obj/moc_qnetworkdiskcache.o .obj/moc_qhttp2protocolhandler_p.o .obj/moc_qhttpmultipart.o .obj/moc_qhttpnetworkreply_p.o .obj/moc_qhttpthreaddelegate_p.o .obj/moc_qnetworkreplyhttpimpl_p.o .obj/moc_qspdyprotocolhandler_p.o .obj/moc_qnetworkconfigmanager_p.o .obj/moc_qnetworksession_p.o .obj/moc_qbearerplugin_p.o .obj/moc_qhostinfo_p.o .obj/moc_qnetconmonitor_p.o .obj/moc_qdnslookup_p.o .obj/moc_qabstractsocketengine_p.o .obj/moc_qtcpsocket.o .obj/moc_qudpsocket.o .obj/moc_qsocks5socketengine_p.o .obj/moc_qhttpsocketengine_p.o .obj/moc_qnativesocketengine_p.o .obj/moc_qdtls.o /usr/lib64/libQt5Core.so -pthread -lz -lssl -lcrypto /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: .obj/qsslsocket_openssl_symbols.o: in function `q_SSL_get_peer_certificate(ssl_st*)': qsslsocket_openssl_symbols.cpp:(.text+0xc81): undefined reference to `SSL_get_peer_certificate' /usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: .obj/qsslsocket_openssl_symbols.o: in function `q_EVP_PKEY_base_id(evp_pkey_st*)': qsslsocket_openssl_symbols.cpp:(.text+0xc91): undefined reference to `EVP_PKEY_base_id' collect2: error: ld returned 1 exit status
so i checked the source file mentioned in the error message:
// Here we have the ones that make difference between OpenSSL pre/post v3: #if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3 X509 *q_SSL_get1_peer_certificate(SSL *a); #define q_SSL_get_peer_certificate q_SSL_get1_peer_certificate int q_EVP_PKEY_get_base_id(const EVP_PKEY *pkey); #define q_EVP_PKEY_base_id q_EVP_PKEY_get_base_id #else X509 *q_SSL_get_peer_certificate(SSL *a); int q_EVP_PKEY_base_id(EVP_PKEY *a); #endif // OPENSSL_VERSION_MAJOR >= 3 QT_END_NAMESPACE
which leads to the question: did it correctly read the openssl version as seems like it takes the "else" clause instead of 'if'. but i have installed openssl ver 3:
admin@gentoo ~ $ equery list openssl * Searching for openssl ... [IP-] [ ] dev-libs/openssl-3.0.11:0/3
with the following use flags:
* Searching for openssl ... [IP-] [ ] dev-libs/openssl-3.0.11:0/3 admin@gentoo ~ $ equery uses openssl [ Legend : U - final flag setting for installation] [ : I - package is installed with flag ] [ Colors : set, unset ] * Found these USE flags for dev-libs/openssl-3.0.11: U I - - abi_x86_32 : 32-bit (x86) libraries + + asm : Support assembly hand optimized crypto functions (i.e. faster run time) - - fips : Enable FIPS provider - - ktls : Enable support for Kernel implementation of TLS (kTLS) - - rfc3779 : Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers) + + sctp : Support for Stream Control Transmission Protocol + + static-libs : Build static versions of dynamic libraries as well - - test : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently) - - tls-compression : Enable support for discouraged TLS compression - - vanilla : Do not add extra patches which change default behaviour; DO NOT USE THIS ON A GLOBAL SCALE as the severity of the meaning changes drastically - - verify-sig : Verify upstream signatures on distfiles - - weak-ssl-ciphers : Build support for SSL/TLS ciphers that are considered "weak"
i had recompiled that with static-lib just recently but by default this flag is disabled. this is current qtnetwork config :
* Searching for qtnetwork ... [I--] [??] dev-qt/qtnetwork-5.15.10-r3:5/5.15 [ Legend : U - final flag setting for installation] [ : I - package is installed with flag ] [ Colors : set, unset ] * Found these USE flags for dev-qt/qtnetwork-5.15.11: U I - - debug : Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces - - gssapi : Enable support for GSSAPI (virtual/krb5) - - libproxy : Use net-libs/libproxy for automatic HTTP/SOCKS proxy configuration - - sctp : Support for Stream Control Transmission Protocol + + ssl : Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security) - - test : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
also i compiled the latest version available in the gentoo repo (openssl-3.1.4) and tried to rebuild qtnetwork but got the same error. i tried some other options, but already do not remember all of them.
so any ideas how to resolve this?
-
@ChrisW67 that i tried already, but it did not work. There are already qt* packages in the tree that require openssl-3.0+ and prev versions (compatible with openssl-1.1.1) are not available anymore.. Plus, i have another server with most identical config and just tried to rebuild openssl-3.0.11 on that box and it compiled fine without masking/unmasking anything. Another thing - that server does not have installed certain packages I have installed here - such as qtcreator/qtdesigner for example. Can it be related somehow to misconfig etc?