Possible OpenSSL issue in node:8.16-alpine

[IdanAdar]

Hello. I am seeking help from the community regarding a possible Node or Alpine (node:8.16-alpine) incompatibility with rdkafka, as detailed in the following ticket. Appreciate any insights you may have! It seems to be related to OpenSSL versions? But we're not sure yet... Blizzard/node-rdkafka#649

I think this is less related to Node and more to Alpine. Node:8.13-alpine (Alpine 3.8) works Node:8.16-alpine (Alpine 3.9) doesn't work

There's a sample test case in the ticket. Can anyone from the Alpine team figure out what may be the issue here? Is it related to OpenSSL that is shipped?

@ncopa

[ncopa]

I haven't digged deep into this so I am making some qualified guesses based on this comment: https://github.com/Blizzard/node-rdkafka/issues/649#issuecomment-516753963

I believe node:8.16-alpine builds node with upstream defaults, which bundles openssl. The bunled, older openssl 1.0 gets linked statically into node.

Alpine has, similar to other distros, moved to openssl 1.1. When you use components linked to system openssl (1.1) together with the statically compiled openssl 1.0 from node, things will go bad.

There are various different solutions to this:

• let node:8.*-alpine build with system openssl. (something maintainer of node:8.*-alpine needs to do)
• build openssl 1.0 (and all libraries or dependencies using openssl) yourself, instead of using system packages
• use alpine node package (apk add node)