Bug 395201

Summary: SSL broken in 5.9.0 AppImage bundle
Product: digikam Reporter: jgoerzen
Component: Bundle-AppImageAssignee: Digikam Developers <digikam-bugs-null>
Severity: normal CC: caulier.gilles
Priority: NOR    
Version: 5.9.0   
Target Milestone: ---   
Platform: Appimage   
OS: Linux   
Latest Commit: Version Fixed In: 6.0.0

Description jgoerzen 2018-06-10 04:23:17 UTC
While using the AppImage bundle from https://download.kde.org/stable/digikam/digikam-5.9.0-01-x86-64.appimage, I was unable to upload to Flickr due to SSL errors.

There would be a bunch of "cannot resolve" errors such as:

qt.network.ssl: QSslSocket: cannot resolve CRYPTO_num_locks

Followed by "Incompatible version of OpenSSL"

Some digging produced https://github.com/Subsurface-divelog/subsurface/issues/779#issuecomment-342206044, which contained this hint: "Something causes libcrypto.so.1.0.1e to be searched, and since we do not bundle this version inside the AppImage, the libcrypto from the base system gets loaded instead of the bundled version, which leads to an OpenSSL version mismatch."

A workaround for this bug, which successfullly caused it to work for me, was to run the appimage under Firejail, with this in my digikam.local:

blacklist /usr/lib/x86_64-linux-gnu/libssl*
blacklist /usr/lib/x86_64-linux-gnu/libcrypto*
Comment 1 caulier.gilles 2018-08-13 17:04:04 UTC
In fact the reason about the SSL dysfunction and AppImage is due to missing libssl.so in the bundle. See the crash with the 6.0.0 pre release :

(gdb) bt
#0  0x00007fffe8a6fd5a in __strcmp_sse2_unaligned () from /lib64/libc.so.6
#1  0x00000033132e62aa in ?? () from /tmp/.mount_digikahfIXPN/usr/lib/libcrypto.so.10
#2  0x00000033132e65f6 in lh_insert () from /tmp/.mount_digikahfIXPN/usr/lib/libcrypto.so.10
#3  0x000000331326e12b in OBJ_NAME_add () from /tmp/.mount_digikahfIXPN/usr/lib/libcrypto.so.10
#4  0x00007fff201cc06a in SSL_library_init () from /lib64/libssl.so
#5  0x00007fffec081ae4 in ?? () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#6  0x00007fffec08461d in ?? () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#7  0x00007fffec05e6c7 in QSslCertificate::QSslCertificate(QByteArray const&, QSsl::EncodingFormat) () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#8  0x00007fffec064359 in QSslConfiguration::QSslConfiguration() () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#9  0x00007fffebffe051 in ?? () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#10 0x00007fffec0067a2 in ?? () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#11 0x00007fffebf9e660 in QNetworkAccessManager::createRequest(QNetworkAccessManager::Operation, QNetworkRequest const&, QIODevice*) () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#12 0x00007fffebf9bd25 in QNetworkAccessManager::post(QNetworkRequest const&, QIODevice*) () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#13 0x00007fffebf9bd91 in QNetworkAccessManager::post(QNetworkRequest const&, QByteArray const&) () from /tmp/.mount_digikahfIXPN/usr/lib/libQt5Network.so.5
#14 0x00007ffff66665c3 in O1::link (this=<optimized out>) at /b/dktemp/digikam-master/core/utilities/assistants/webservices/common/o2/src/o1.cpp:275

Qt5Network from the bundle try to open ssl lib but it cannot and fallback to the system wide version and crash due to binary compatibility issue.

Making a symbolic link in the bundle from libssl.so.10 (the version used to build the AppImage under Centos6) and libssl.so solve the problem.

Gilles Caulier
Comment 2 caulier.gilles 2018-08-13 17:06:11 UTC
Git commit dd855b7abedb21b759c374b8b08c448bdb8152dc by Gilles Caulier.
Committed on 13/08/2018 at 17:04.
Pushed by cgilles into branch 'master'.

make symbolic link for libssl.so missing in the bundle to prevent to use system based lib instead
FIXED-IN: 6.0.0

M  +2    -0    project/bundles/appimage/04-build-appimage.sh