
This line requires OpenSSL >= 3.0; in other words, it drops support for OpenSSL 1.1.1

Open alaendle opened this issue 1 year ago • 4 comments

https://github.com/Azure/azure-sdk-for-cpp/blob/083a88e8849d54be50aa50434995f480b67d1274/sdk/core/azure-core/src/http/curl/curl.cpp#L1447

Just want to make sure that this was really intended 😉 - personally I believe supporting OpenSSL version 1.1.1 is a must since e.g. Ubuntu 21.10 (impish) and Debian 11 (bullseye) still distribute version 1.1.1.

alaendle avatar Oct 13 '22 12:10 alaendle

This was intended. For better or worse, the Azure SDK has moved to OpenSSL 3.0 because vcpkg forces all clients of vcpkg to use OpenSSL 3.0 and the Azure SDK's OpenSSL dependency is managed via vcpkg.

Does the addition of the OpenSSL 3 API cause challenges for your use of the Azure SDK for C++?

LarryOsterman avatar Oct 13 '22 18:10 LarryOsterman

@LarryOsterman Thanks for the answer.

I'm using the Azure SDK for C++ in conjunction with https://github.com/Azure/azure-iot-sdk-c to build an edge module that connects to Azure Blob Storage on IoT Edge. Because of the IoT context and other third-party software we are directly linking the library (no use of cmake or vcpkg) and are more or less bound to the distributed/supported OpenSSL version.

Maybe my use-case is somewhat special, but I would have advised to postpone the usage of OpenSSL 3 until the most important Linux LTS distributions officially support it 😉

For now the workaround is simple - I just use the slightly older release (azure storage 12.6.1) that builds fine with OpenSSL 1.1.1.

alaendle avatar Oct 17 '22 05:10 alaendle

Unfortunately, our hands are currently tied due to vcpkg moving to OpenSSL 3.0. We are currently investigating if it is possible to use vcpkg overlays to move back to OpenSSL 1.1.1n (you are not the only team which is having challenges because of the OpenSSL 3.0 change).

FWIW, the OpenSSL 3.0 change is mandated for several distributions (Ubuntu 22 for example) and causes problems for others. It's a bit of a mess (one example: Apps using the OpenSSL 1.1.1n shared library fail on Ubuntu 22 without manually installing OpenSSL 1.1.1n, apps using OpenSSL 3.0 shared library fail on Ubuntu 20).

LarryOsterman avatar Oct 18 '22 17:10 LarryOsterman
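
The shared-library mismatch described in the comment above can be checked before deployment by comparing a binary's `NEEDED` OpenSSL SONAMEs with what the target host provides. This is an added example, not part of the original thread or the Azure SDK; the function names, the sample `readelf -d` lines and the two host lists are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `readelf -d` lines for a hypothetical binary linked
# against the OpenSSL 1.1.1 shared libraries.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)   Shared library: [libcurl.so.4]
 0x0000000000000001 (NEEDED)   Shared library: [libssl.so.1.1]
 0x0000000000000001 (NEEDED)   Shared library: [libcrypto.so.1.1]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'

# Constructed host inventories (space separated): a host that ships only the
# OpenSSL 3 libraries, and one that ships only the 1.1 libraries.
HOST_UBUNTU22='libc.so.6 libcurl.so.4 libssl.so.3 libcrypto.so.3'
HOST_UBUNTU20='libc.so.6 libcurl.so.4 libssl.so.1.1 libcrypto.so.1.1'

# Read `readelf -d` output on stdin, print the OpenSSL SONAMEs it requires.
needed_openssl() {
    sed -nE 's/.*\(NEEDED\).*\[(lib(ssl|crypto)\.so\.[0-9.]+)\].*/\1/p'
}

# Read `readelf -d` output on stdin; $1 is the host's library list.
# Prints every required OpenSSL SONAME the host lacks; returns 1 if any.
missing_openssl() {
    _available="$1"
    _status=0
    for _soname in $(needed_openssl); do
        case " $_available " in
            *" $_soname "*) ;;                      # host provides it
            *) echo "$_soname"; _status=1 ;;        # loader would fail
        esac
    done
    return "$_status"
}

# Demo on the constructed data. On a real host the inputs would be, e.g.:
#   readelf -d ./app | missing_openssl "$(ldconfig -p | awk '{print $1}' | tr '\n' ' ')"
printf '%s\n' "$SAMPLE_DYNAMIC" | missing_openssl "$HOST_UBUNTU22" \
    || echo "^ required by the binary but not provided by this host"
```
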

Finally a problem that can be solved by waiting 😉 My expectation is that in a year or so most software is updated to use OpenSSL 3. For me the release of Debian bookworm is the crucial requirement. I'll leave this issue open if you would like to comment after a decision about the SSL 1.1.1 overlay has been made - otherwise I guess everything has been said, so feel free to just close it.

alaendle avatar Oct 19 '22 04:10 alaendle

FWIW, the OpenSSL 1.1.1 overlay port is live now:.

LarryOsterman avatar Nov 01 '22 18:11 LarryOsterman