Missing libcrypto.so.1.0.0


#1

Hi,
The attached sslconnect.rar is my Legato project, which tries to use OpenSSL functions on the AR7550.
It builds fine in Developer Studio after adding the following:
Properties -> C/C++ Build -> Settings -> Tool Settings -> C build options -> additional linker option (-L) -> add “-lcrypto” and “-lssl”

However when I run it, the legato console in Developer studio always says:
02:53:19 =ERR= | sslconnect[9357] | sslconnect: error while loading shared libraries: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory

I found that when the program starts, it never imports /lib/libcrypto.so.1.0.0 into the sandbox directory: /tmp/legato/sandboxes/sslconnect/lib
Any ideas on this?

FYI, the sslconnect.c can be compiled directly by the following and run successfully in the UART console:


owner@ubuntu:~/Legato/sslconnect$ /opt/swi/y17-ext/sysroots/x86_64-pokysdk-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-gcc -o sslconnect.arm.o sslconnect.c -lssl -lcrypto


The problem now is only that it cannot run in the Legato sandbox.
Please help!

Jack


#2

Hi,

You need to require the libs in your cdef file:

requires: { lib: { ssl crypto } }
See:
legato.io/legato-docs/15_10/ … equiresLib

This should be enough to make it work with a non-sandboxed Legato app, with the following line at the top of your adef file:

If you really want to have it working in a sandboxed app then you will have to import a lot of additional stuff using your cdef file (".so" files of each lib and all the files used by these libs like conf files or other libs, …).

So, maybe the simplest way is to create your own custom Legato “TCP/IP and SSL” service with root privileges (i.e. a non-sandboxed Legato app) which will offer a set of custom APIs to your other Legato apps (sandboxed or not) in order to do SSL.

Jay


#3

Hi Jay,
Thanks for your information!
It works now with:

1. In .adef, add the following to have root privileges (i.e. a non-sandboxed Legato app):
sandboxed: false

2. In component.cdef, add the following:

	requires:
	{
	    lib:
	    {
	        ssl
	        crypto
	    }
	    file:
	    {
	        // Make the library available inside the app sandbox (in the app's /lib directory).
	        /usr/lib/libssl.so.1.0.0    /lib/
	        /lib/libcrypto.so.1.0.0 /lib/
	    }
	}

Just a small question (for my knowledge only): in case I still want it to run in the sandbox, I found that the required libssl.so.1.0.0 and libcrypto.so.1.0.0 can be found in real time.
However, it will say it cannot resolve the host name (www.hp.com).
It is working fine without the sandbox function.

I have tried using the real IP, but then it has more problems using SSL:
00:56:29 INFO | sslconnect[17031] | Successfully made the TCP connection to: 15.201.49.152.
00:56:29 INFO | sslconnect[17031] | Error: Could not build a SSL session to: 15.201.49.152.
00:56:29 INFO | sslconnect[17031] | Error: Could not get a certificate from: 15.201.49.152.

So my question is: “to resolve host names or do SSL operations in the sandbox, do we need to import more libraries?”

Thx!
Jack


#4

Hi,

Yes, you need to import several files in order to make it work in a sandbox.
It is because SSL libs will use the other libs for TCP/IP stuff (DNS resolver, IP services, …).

I succeeded in doing SSL (a basic “file downloader” over HTTPS) in a sandboxed app by using the following cdef:

[code]
sources:
{
    sslHello.c
}

requires:
{
    lib:
    {
        ssl
        crypto
    }

    // If the app is sandboxed then it is needed to request access
    // to the following files which are out of the sandbox:
    file:
    {
        // Binary files of OpenSSL and Crypto libs
        /usr/lib/libssl.so.1.0.0 /lib/
        /lib/libcrypto.so.1.0.0 /lib/
        // IP services
        /etc/services /etc/
        // The following files are required for the DNS resolver
        /etc/nsswitch.conf /etc/
        /etc/resolv.conf /etc/
        /etc/dnsmasq.conf /etc/
        /etc/hosts /etc/
        /etc/host.conf /etc/
        /lib/libnss_dns.so.2 /lib/
        /lib/libnss_files.so.2 /lib/
        /lib/libresolv.so.2 /lib/
    }

    // If the app is sandboxed then it is needed to request access
    // to the following devices:
    device:
    {
        // random number generator
        /dev/urandom /dev/
    }
}
[/code]
If your SSL code is using a certificate then you also need to bundle it into your sandbox using the adef file:

bundles: { file: { pem/Verisign.pem /etc/ssl/ } }

Jay
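
Added example, not part of any post in this thread: a small Python check that parses a component.cdef and reports which of the sandbox imports from the working cdef in post #4 are still absent, grouped by the purposes given in that cdef's comments. The function names and the `NEEDED` table are assumptions built from that post; the list reflects what worked on that setup and is not an official Legato requirement list.

```python
import re

# Sandbox imports from the working cdef in post #4, grouped by its comments.
# Assumption: this reflects that poster's AR7550 image, not an official list.
NEEDED = {
    "OpenSSL and crypto libs": ["/usr/lib/libssl.so.1.0.0", "/lib/libcrypto.so.1.0.0"],
    "IP services": ["/etc/services"],
    "DNS resolver": ["/etc/nsswitch.conf", "/etc/resolv.conf", "/etc/dnsmasq.conf",
                     "/etc/hosts", "/etc/host.conf", "/lib/libnss_dns.so.2",
                     "/lib/libnss_files.so.2", "/lib/libresolv.so.2"],
    "random number generator": ["/dev/urandom"],
}

def sandbox_imports(cdef_text):
    """Source paths listed under requires: file: and requires: device:."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", cdef_text, flags=re.S)  # drop comments
    stack, pending, items = [], None, []
    for tok in re.findall(r"[{}]|[^\s{}]+", text):
        if tok == "{":
            stack.append(pending)        # enter the section named just before
            pending = None
        elif tok == "}":
            stack.pop()
        elif tok.endswith(":"):
            pending = tok[:-1]
        elif stack[-2:] in (["requires", "file"], ["requires", "device"]) and not tok.startswith("["):
            items.append(tok)            # permission flags such as [rw] are skipped
    return set(items[0::2])              # entries are "source destination" pairs

def missing_by_purpose(cdef_text):
    """Map each purpose to the NEEDED paths that the cdef does not import."""
    have = sandbox_imports(cdef_text)
    gaps = {k: [p for p in v if p not in have] for k, v in NEEDED.items()}
    return {k: v for k, v in gaps.items() if v}

# The requires section from post #3, which imports only the two libraries.
POST3_CDEF = """requires: {
    lib: { ssl crypto }
    file: {
        // Make the library available inside the app sandbox.
        /usr/lib/libssl.so.1.0.0    /lib/
        /lib/libcrypto.so.1.0.0 /lib/
    }
}"""

if __name__ == "__main__":
    for purpose, paths in missing_by_purpose(POST3_CDEF).items():
        print(f"{purpose}: {', '.join(paths)}")
```

Run against the post #3 cdef, it lists the IP services file, the DNS resolver files and /dev/urandom as not yet imported; run against the post #4 cdef, it reports nothing missing.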