libgit2sharp.nativebinaries
libgit2sharp.nativebinaries copied to clipboard
libgit2
Ubuntu 22.04 x64: could not load ssl libraries
LibGit2Sharp.LibGit2SharpException: could not load ssl libraries
at LibGit2Sharp.Core.Ensure.HandleError(Int32 result) in /_/LibGit2Sharp/Core/Ensure.cs:line 154
at LibGit2Sharp.Core.Proxy.git_remote_connect(RemoteHandle remote, GitDirection direction, GitRemoteCallbacks& remoteCallbacks, GitProxyOptions& proxyOptions) in /_/LibGit2Sharp/Core/Proxy.cs:line 2172
at LibGit2Sharp.Repository.ListRemoteReferences(String url, CredentialsHandler credentialsProvider) in /_/LibGit2Sharp/Repository.cs:line 689
Using a project with LibGit2Sharp built with dotnet publish --configuration Release --runtime linux-x64 --no-self-contained, resulting in libgit2-e632535.so, and running on .NET 6.0.415.
By using strace with some trial-and-error, it seems that LibGit2Sharp requires OpenSSL 1.1, but Ubuntu 22.04 (and higher, I assume) only ship with OpenSSL 3.
As a workaround, installing http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb fixes the issue and lets LibGit2Sharp run.
What needs to be done to make this work with OpenSSL 3?
libgit2 already supports OpenSSL 3, and we test against Ubuntu 22.04 in the LibGit2Sharp repo, and everything works fine. I've also done some extra manual testing recently, and haven't been able to reproduce the problem you're describing.
Ran into the same issue with .NET8 Web App hosted on Containers using 0.27.0-preview-0175. could not load ssl libraries
This is built against mcr.microsoft.com/dotnet/aspnet:8.0 and mcr.microsoft.com/dotnet/sdk:8.0
The stack trace was the same.
LibGit2Sharp.LibGit2SharpException:
at LibGit2Sharp.Core.Ensure.HandleError (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Core/Ensure.cs:154)
at LibGit2Sharp.Core.Ensure.ZeroResult (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Core/Ensure.cs:172)
at LibGit2Sharp.Core.Proxy.git_clone (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Core/Proxy.cs:275)
at LibGit2Sharp.Repository.Clone (LibGit2Sharp, Version=0.27.0.0, Culture=neutral, PublicKeyToken=7cbde695407f0333: /_/LibGit2Sharp/Repository.cs:793)
The resolution was also the same - we just had to install the OpenSSL 1.1 libraries into the final .NET container:
RUN apt-get update \
&& apt-get install -y wget \
&& wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb \
&& dpkg -i libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb \
&& rm -f libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb
@johnbailey-transactcampus You really shouldn't need to do that. It works just fine with OpenSSL 3. I have tests that run against OpenSSL 3 that prove that.
If you can provide me with a sample project that I use to reproduce it, I'll take another look, but all of my testing indicates this shouldn't be required.
Just from perusing the code, it looks like we might be hitting this old path - where openssl3.0 is not in libgit2? This is just an uneducated guess, though.
Sadly, the project where this repro'ed is proprietary and closed-source, so I can't give you an example to work with; however, it should be easy enough (in theory) to reproduce by creating a web app hosted on the default .NET containers and adding the LibGit2Sharp NuGet package (0.20.0-preview-0175) and calling clone - or, in the case of op, remote connect.
I can confirm openssl 3.0 comes standard on the .NET8 containers, so this would - generally - result in pointing back to that handle load block I referenced earlier in this comment as being the culprit.
docker run -it --rm --entrypoint=/bin/bash mcr.microsoft.com/dotnet/aspnet:8.0
root@a2579d7876bd:/# openssl version
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)
LibGit2Sharp NuGet package (0.20.0-preview-0175)
That version is old and out of date. You should definitely update to the latest version and then see if you still have the problem. It's quite likely that the libgit2 version contained in that preview version doesn't work with OpenSSL 3.