Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows: addons cannot use the bundled OpenSSL #4932

Closed
murgatroid99 opened this issue Jan 28, 2016 · 14 comments
Closed

Windows: addons cannot use the bundled OpenSSL #4932

murgatroid99 opened this issue Jan 28, 2016 · 14 comments
Labels
build Issues and PRs related to build files or the CI. feature request Issues that request new features to be added to Node.js. openssl Issues and PRs related to the OpenSSL dependency. windows Issues and PRs related to the Windows platform.

Comments

@murgatroid99
Copy link
Contributor

This is basically a copy of nodejs/node-v0.x-archive#4051, since it looks like that repository is obsolete and the problem still exists in the latest version of Node.

In the Node development package on Windows, the include directory has an openssl subdirectory with all of the OpenSSL headers, but the node.lib libraries do not export those symbols to link against.

This means that any Node extension that wants to use OpenSSL must instruct its users to follow the instructions at https://github.com/nodejs/node-gyp/wiki/Linking-to-OpenSSL#windows.
@murgatroid99 murgatroid99 mentioned this issue Jan 28, 2016
Closed
@murgatroid99
Copy link
Contributor Author

As a side note, the headers in include/node/openssl/ seem to be the same, or very similar, to the headers in deps/openssl/openssl/include/openssl/ on Linux. For the purposes of node-gyp, module authors are instructed to include the latter path on systems where Node exports OpenSSL symbols, but to use a different include path on Windows. However, because the headers are also in the former path, they are included anyway and can conflict with the included headers on Windows.

@mscdex mscdex added windows Issues and PRs related to the Windows platform. openssl Issues and PRs related to the OpenSSL dependency. feature request Issues that request new features to be added to Node.js. build Issues and PRs related to build files or the CI. labels Jan 28, 2016
@rvagg
Copy link
Member

rvagg commented Jan 28, 2016

@nodejs/platform-windows ping, we need some expertise here, I can't answer this but am ready to help out where needed if we need to take action

@murgatroid99 murgatroid99 mentioned this issue Mar 23, 2016
Merged
@saper
Copy link

saper commented Apr 4, 2016

As a part of the build process one of the libraries generated is lib/openssl.lib:

  6177422  01-10-16 04:26   lib/cares.lib
 12294090  01-10-16 04:26   lib/gtest.lib
   117192  01-10-16 04:26   lib/http_parser.lib
  5619094  01-10-16 04:26   lib/libuv.lib
 70660776  01-10-16 04:26   lib/openssl.lib
   744562  01-10-16 04:26   lib/zlib.lib

Maybe ass a temporary workaround we should just publish those?

@gibfahn gibfahn mentioned this issue May 5, 2016
Closed
3 tasks
@maxkorp maxkorp mentioned this issue Aug 12, 2016
Open
@murgatroid99 murgatroid99 mentioned this issue Aug 22, 2016
Closed
@bnoordhuis
Copy link
Member

Fixed by #6274.

@murgatroid99
Copy link
Contributor Author

I don't think this was ever actually fixed. I can't find a header distribution for any Node version that allows me to link against the built-in OpenSSL symbols on Windows, but the header is still there so there is still this conflict.

@murgatroid99 murgatroid99 mentioned this issue May 9, 2019
Closed
@richardlau
Copy link
Member

I don't think this was ever actually fixed. I can't find a header distribution for any Node version that allows me to link against the built-in OpenSSL symbols on Windows, but the header is still there so there is still this conflict.

This definitely was fixed and we've had reports (and fixed) of missing OpenSSL symbols as we only export a subset of them (e.g. #27494). Note that this only applies to the binaries available from https://nodejs.org/. Other distributions may differ, e.g. electron have their own build system and, I believe, use BoringSSL instead of OpenSSL.

@nicolasnoble
Copy link
Contributor

In this case, you're missing at least these symbols from at least Node 10:

SSL_get0_next_proto_negotiated
SSL_CTX_set_next_protos_advertised_cb
TLSv1_2_method
SSL_CTX_set_next_proto_select_cb

@richardlau
Copy link
Member

In this case, you're missing at least these symbols from at least Node 10:

SSL_get0_next_proto_negotiated
SSL_CTX_set_next_protos_advertised_cb
TLSv1_2_method
SSL_CTX_set_next_proto_select_cb

For visibility, please open a new issue (this one was closed over two years ago).

@nicolasnoble
Copy link
Contributor

I mean, I hate being this guy, but I can't consider this issue closed. Saying that you've fixed it, but you're only partially exporting symbols isn't a fix, it's an unreliable kludge. Going this cycle where we have to do trial-and-error to figure out what's missing next isn't viable.

Say we get these symbols in. Say we change our code to stop embedding OpenSSL in our native module and start using the symbols from nodejs. And say that several months down the line, we add new code for a new feature that starts using symbols that you haven't exported yet. We'd be forced to rollback the initial change and start embedding OpenSSL again. This isn't reliable. It seems to me we can't trust the headers you're exposing to appropriately describe the symbols you're actually exporting, therefore, this issue isn't solved.

@richardlau
Copy link
Member

I mean, I hate being this guy, but I can't consider this issue closed. Saying that you've fixed it, but you're only partially exporting symbols isn't a fix, it's an unreliable kludge. Going this cycle where we have to do trial-and-error to figure out what's missing next isn't viable.

Say we get these symbols in. Say we change our code to stop embedding OpenSSL in our native module and start using the symbols from nodejs. And say that several months down the line, we add new code for a new feature that starts using symbols that you haven't exported yet. We'd be forced to rollback the initial change and start embedding OpenSSL again. This isn't reliable. It seems to me we can't trust the headers you're exposing to appropriately describe the symbols you're actually exporting, therefore, this issue isn't solved.

cc @nodejs/platform-windows @nodejs/crypto @nodejs/node-gyp

@richardlau richardlau reopened this May 10, 2019
@sam-github
Copy link
Contributor

@nicolasnoble I can see your point, I wish the situation was less manual, too. Keep in mind that we can keep the issue open forever, but without some suggestions (or PRs) to the OpenSSL/node build process to keep the list correct, I'm not sure what will be done.

@nicolasnoble
Copy link
Contributor

Sure, we'll discuss this internally and see if we can help you improve the process.

@sam-github
Copy link
Contributor

That would be great, thank you.

@bnoordhuis
Copy link
Member

I'm going to close out this issue again because there isn't anything actionable right now or even ideas on how to improve the status quo. Can you file a new issue when you come up with something? Thanks.

@bnoordhuis bnoordhuis mentioned this issue May 13, 2019
Open
This was referenced Jul 25, 2019
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build Issues and PRs related to build files or the CI. feature request Issues that request new features to be added to Node.js. openssl Issues and PRs related to the OpenSSL dependency. windows Issues and PRs related to the Windows platform.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@sam-github @mscdex @saper @bnoordhuis @rvagg @murgatroid99 @richardlau @nicolasnoble