Unable to load dynamic library because of undefined symbol: sk_pop_free on Fedora 30

[sustmi]

Briefly

I have Fedora 30. I built the extension from sources using build.sh and installed it using make install.
After enabling the extension I got the following warning when running php -v:

PHP Warning:  PHP Startup: Unable to load dynamic library '/opt/remi/php71/root/usr/lib64/php/modules/aerospike.so' - /opt/remi/php71/root/usr/lib64/php/modules/aerospike.so: undefined symbol: sk_pop_free in Unknown on line 0

Details

The problem is that Fedora 30 uses OpenSSL in version 1.1 by default and this version has symbol OPENSSL_sk_pop_free instead. The older OpenSSL 1.0 used to have symbol sk_pop_free.
I found out that the code that requires this symbol is not required by aerospike-client-php itself but by its dependency aerospike-client-c.

The build.sh script internally calls scripts/aerospike-client-c.sh that takes care of downloading the right libaerospike.a binary. It first detects what is the distribution/version of the running OS using scripts/os_version.sh and then downloads certain package that contains the pre-compiled library.

However, Fedora 30 (or Fedora 16 and higher to be more precise) is detected as Red Hat Enterprise Linux 7. Therefore the scripts/aerospike-client-c.sh script downloads aerospike-client-c-devel-4.5.0-1.el7.x86_64.rpm for my system.
This package contains a binary that is compiled for OpenSSL 1.0 and therefore it contains references to sk_pop_free symbol.

Fedora 30 uses OpenSSL 1.1 by default, meaning that /usr/lib64/libcrypto.so links to libcrypto.so.1.1.1b. But it also has compat-openssl10 package that provides old OpenSSL 1.0 API by /usr/lib64/libcrypto.so.10 symlink that links to libcrypto.so.1.0.2o.

When the aerospike-client-php extension is linked, the following command is used:

cc -shared  -fPIC -DPIC  .libs/aerospike.o .libs/conversions.o .libs/logging.o \
    .libs/persistent_list.o .libs/register_constants.o .libs/policy_conversions.o \
    .libs/register_policy_constants.o .libs/serializers.o .libs/tls_config.o \
    .libs/user_callbacks.o client/.libs/aerospike_class.o client/.libs/aerospike_session.o \
    client/.libs/admin.o client/.libs/append.o client/.libs/apply.o client/.libs/exists.o \
    client/.libs/exists_many.o client/.libs/get.o client/.libs/get_many.o \
    client/.libs/get_key_digest.o client/.libs/get_nodes.o client/.libs/increment.o \
    client/.libs/info.o client/.libs/job_info.o client/.libs/list_operations.o \
    client/.libs/log_handlers.o client/.libs/operate.o client/.libs/php_client_utils.o \
    client/.libs/predicate.o client/.libs/prepend.o client/.libs/put.o client/.libs/query.o \
    client/.libs/remove.o client/.libs/remove_bin.o client/.libs/scan.o client/.libs/scan_apply.o \
    client/.libs/scan_info.o client/.libs/secondary_index.o client/.libs/touch.o \
    client/.libs/truncate.o client/.libs/udf.o client/.libs/user_serializers.o   \
    -L/mnt/f/www/vagrant-repos/atmoskop/vendor/aerospike/aerospike-client-php/src/../aerospike-client-c/lib \
    -laerospike -L/usr/lib64 -lcrypto -lrt  -g -Wl,-Bstatic -Wl,-Bdynamic   \
    -Wl,-soname -Wl,aerospike.so -o .libs/aerospike.so

Notice the -lcrypto. This links the default /usr/lib64/libcrypt.so library that is from OpenSSL 1.1.

Workarounds

I managed to link the 1.0 library by executing the command with -l:libcrypto.so.10 instead of -lcrypto.

I also managed to fix the problem by compiling aerospike-client-c from sources automatically linking to the OpenSSL 1.1.
Then I had to rerun the build of aerospike-client-php using the following command:

DOWNLOAD_C_CLIENT=0 PREFIX=~/git_projects/aerospike-client-c/target/Linux-x86_64/ ./build.sh

where ~/git_projects/aerospike-client-c/ is path to the manually compiled aerospike-client-c.

Proposed solutions

I guess you can either provide different binary package for new Fedora releases that would contain libaerospike.a linked for OpenSSL 1.1 or you can change the build so that it requires/links specifically version 1.0 of OpenSSL.

Or, maybe you could change the build process of the aerospike-client-php package in a way that it would automatically compile aerospike-client-c instead of downloading a pre-compiled library.

[sustmi]

I found that OpenSSL 1.1 was introduced in Fedora 26: https://docs.fedoraproject.org/en-US/Fedora/26/html/Release_Notes/sect-changes-for-sysadmins.html#sect-security-openssl110

[aerospikerobertmarks]

@sustmi
Thank you so much for the detailed report. I'll look into what we can do to fix the issue so that the install is simpler.