What's the highest Openssl version supported with Confd 7.3.2 version

CDB and CDB API
1

Hi Team,

Our application needs openssl 3.0 support with confd 7.3.2 version.
As mentioned in user guide under section using different version of openssl, we recompiled crypto.so and libconfd.so binaries with newer openssl.3.0 library.
During application init, we are still seeing below error.

Bad configuration: /opt/sonus/sbx/tailf/confd.conf:0: cannot dynamically link with libcrypto shared library\n"^M
connection refused (debug_dump)
connection refused (debug_dump)

We have verified that, openssl version used to compile libconfd.so and crypto.so is available on the the machine during Confd init.

[root@USHAVC732-ISBC2 ~]# ldd /opt/sonus/sbx/tailf/lib/confd/lib/core/crypto/priv/lib/crypto.so
        linux-vdso.so.1 (0x00007ffd951b9000)
        **libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f58baa71000)**
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f58ba89d000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f58ba897000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f58ba875000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f58baf2a000)
**[root@USHAVC732-ISBC2 ~]# ls -lsrt /lib/x86_64-linux-gnu/libcrypto.so.3**
**5280 -rwxr-xr-x 1 root root 5404888 Jul 31 07:31 /lib/x86_64-linux-gnu/libcrypto.so.3**
[root@USHAVC732-ISBC2 ~]#

Is there any restriction on what openssl version can be used along with Confd version 7.3.2 version?

PS: while building crypto.so binaries (I had to bring in more .h and .c files ike aead.c, aes.c etc, to be able to compile with openssl 3.0)

Thanks,
Usha

2

hello, plaese see End-of-life for OpenSSL

3

Hi Joseph…

We couldn’t upgrade to 8.0.x version due to some other issues faced post confd upgrade.
We are looking forward to use confd 7.3.2 with openssl3.0, (we are able to build confd 7.4.5 with openssl3 and it’s working fine), with confd 7.3.2 openssl 3.0 we are facing above “libcrypto.so” linking error during confd init.

Could you let us know if there is any restriction from Confd 7.3.2 Confd code/ Erlang OTP code w.r.t openssl version that can be used (like only certain openssl versions are supported)?

Thanks,
Usha

4

I do not have experience with using non-default (other than 1.0/1.1) versions.

Imho implied message in the linked topic is, that while ConfD 8.x as the latest does not have OpenSSL 3.x support, neither do any of the older ones… ConfD internally uses Erlang/OTP that has some OpenSSL limitations, and the ConfD versions you mention simply do not run recent enough OTP to allow full OpenSSL 3.x support.