Upgrade to Openssl 3.0 or higher #13065

Closed
TxMat opened this issue May 17, 2024 · 7 comments


TxMat commented May 17, 2024

What would you like to be added or enhanced?

OpenSSL 1.1 is now deprecated and should not be used.

Why is this needed?

This makes the installation of EMQX impossible on Fedora as Fedora 40 removed openssl11 and openssl11-devel from their repos.

This is only the beginning, as many other distros will soon drop openssl1.1 support as well.

@TxMat TxMat added the Feature label May 17, 2024
@TxMat TxMat changed the title Upgrade to Openssl 3.0 Upgrade to Openssl 3.0 or higher May 17, 2024
Member

ieQu1 commented May 17, 2024

According to the build scripts, openssl11 is only supposed to be a dependency for the RHEL 7 RPM. What version of EMQX are you trying to install, and what is the exact name/URL for the RPM?

Member

ieQu1 commented May 20, 2024

I've checked the 5.6 packages and indeed only emqx-5.6.1-el7-amd64.rpm has openssl11 as a dependency:

$ rpm -qR tmp/emqx-5.6.1-el7-amd64.rpm 
openssl11
libatomic
...

The rest of the packages (e.g. amzn2023) don't have it:

rpm -qR tmp/emqx-5.6.1-amzn2023-amd64.rpm 
/bin/sh
/bin/sh
/bin/sh
/bin/sh
findutils
libatomic
ncurses
procps
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
shadow-utils
util-linux
which

You downloaded the wrong package.

@ieQu1 ieQu1 closed this as completed May 20, 2024
Author

TxMat commented May 21, 2024

I used the download procedure from https://www.emqx.io/downloads?os=CentOS

image

As you can see, emqx refuses to start, saying it needs libcrypto.so.1.1, which seems to point towards OpenSSL 1.1.

image

Openssl and Openssl-Devel are installed on the host machine

image

emqx-5.6.1-el8-amd64.rpm indeed does not need openssl11 as a dependency but still needs it to start.

image

Member

ieQu1 commented May 21, 2024

Thanks for the answer.
@id Do you have a quick answer for this?

@ieQu1 ieQu1 reopened this May 21, 2024
Member

zmstone commented May 21, 2024

EMQX's el8 package is built on rocky linux 8.
The default OpenSSL version for rocky linux is derived from the default (latest) openssl and openssl-devel packages.
https://github.com/emqx/emqx-builder/blob/68b4a1107b4ae4c75e8c1851cc9d009e70ba0521/el8/Dockerfile#L15-L16
The build log shows:

#9 19.76  openssl-libs             x86_64   1:1.1.1k-12.el8_9             baseos   1.5 M
#9 19.76  platform-python          x86_64   3.6.8-56.el8_9.3.rocky.0      baseos    86 k

And confirmed:

> docker run --hostname el8  --rm -it ghcr.io/emqx/emqx-builder/5.3-6:1.15.7-26.2.1-2-el8 bash
[root@el8 /]# ldd ./usr/local/lib/erlang/lib/crypto-5.4/priv/lib/crypto.so
        linux-vdso.so.1 (0x00007ffe997de000)
        libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007fe4e9aca000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007fe4e9705000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007fe4e94ed000)
        libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007fe4e92e9000)
        libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007fe4e90c9000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe4ea1d7000)

For Fedora 40, I am not sure how exactly it maps to RHEL compatibility-wise, but if you are looking for a distribution which comes with OpenSSL 3.0 by default, you should be using el9 instead.

> docker run --hostname el9  --rm -it ghcr.io/emqx/emqx-builder/5.3-6:1.15.7-26.2.1-2-el9 bash
[root@el9 /]# ldd ./usr/local/lib/erlang/lib/crypto-5.4/priv/lib/crypto.so
        linux-vdso.so.1 (0x00007ffd0ca84000)
        libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007f00b958d000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f00b9384000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007f00b9368000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f00b99e7000)

@zmstone zmstone closed this as completed May 21, 2024
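
Added example (not part of the thread and not EMQX project code): a small shell helper that classifies the libcrypto dependency in `ldd` output the way the comment above does by eye, including the unresolved case reported on Fedora 40. The function names and the `F40_LDD` sample are constructed for illustration.

```shell
#!/bin/sh
# Classify the libcrypto dependency found in `ldd` output read from stdin.
# Prints one line:
#   "<soname> ok <path>"  resolved by the dynamic loader
#   "<soname> missing"    loader cannot find it (the startup failure reported above)
#   "none"                no libcrypto dependency listed
libcrypto_status() {
    awk '
        $1 ~ /^libcrypto\.so\./ {
            found = 1
            if ($0 ~ /not found/) { print $1, "missing" } else { print $1, "ok", $3 }
            exit
        }
        END { if (!found) print "none" }
    '
}

# Map the status line to the OpenSSL branch the binary was linked against.
openssl_branch() {
    case "$(libcrypto_status)" in
        libcrypto.so.1.1*) echo "1.1" ;;
        libcrypto.so.3*)   echo "3" ;;
        none)              echo "none" ;;
        *)                 echo "unknown" ;;
    esac
}

# EL8_LDD and EL9_LDD are abridged from the output quoted in the thread;
# F40_LDD is constructed to show an unresolved dependency.
EL8_LDD='        linux-vdso.so.1 (0x00007ffe997de000)
        libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007fe4e9aca000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007fe4e9705000)'
EL9_LDD='        linux-vdso.so.1 (0x00007ffd0ca84000)
        libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007f00b958d000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f00b9384000)'
F40_LDD='        linux-vdso.so.1 (0x00007ffd00000000)
        libcrypto.so.1.1 => not found
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f0000000000)'

# Stand-alone run: print the status for each sample.
for sample in "$EL8_LDD" "$EL9_LDD" "$F40_LDD"; do
    printf '%s\n' "$sample" | libcrypto_status
done
# Real use: ldd /path/to/crypto.so | libcrypto_status
```

For a file you do not trust, read its NEEDED entries with `readelf -d` instead of `ldd`, since `ldd` may execute code from the file it inspects.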
Author

TxMat commented May 23, 2024

@zmstone Beware that the emqx website does not let you choose el9
image

I had to search in the raw download page under https://www.emqx.com/en/downloads/broker/v5.6.1 to find the correct package.

image

Member

zmstone commented May 23, 2024

@TxMat Thank you for letting us know. It's being added.
