Bug 1188 - Unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle
Unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle
Product: unbound
Classification: Unclassified
Component: server
x86_64 Linux
: P5 normal
Assigned To: unbound team
Depends on:
  Show dependency treegraph
Reported: 2016-12-16 17:57 CET by Robert Edmonds
Modified: 2016-12-21 11:35 CET (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Robert Edmonds 2016-12-16 17:57:12 CET

Apologies for not catching this when testing 1.6.0rc1.

When Unbound is configured with "--with-libunbound-only --with-nettle", the built libunbound.so includes an unresolved symbol "fake_dsa":

edmonds@chase{0}:/tmp/unbound-1.6.0$ ./configure --with-libunbound-only --with-nettle && make
edmonds@chase{0}:/tmp/unbound-1.6.0$ nm -D ./.libs/libunbound.so.2.4.3 | grep fake                 
                 U fake_dsa

This symbol isn't provided by any of the libraries libunbound links with, so any binary linked with libunbound fails to start with an error like:

symbol lookup: error: /usr/lib/x86_64-linux-gnu/libunbound.so.2: undefined symbol: fake_dsa'

It looks like the fake_dsa reference comes from the usage in util/configparser.y (and the 'extern int fake_dsa' in util/config_file.h), but somehow the storage for 'fake_dsa' is not being picked up by the linker?

I also tried configuring with "--disable-flto", but that didn't make a difference.
Comment 2 Ralph Dolmans 2016-12-21 11:35:05 CET
Hi Robert,

The observation in the debian bug report is correct, fake_dsa is only defined when HAVE_SSL is defined.

Fixed this issue in a similar way as the debian patch (the debian patch will also work fine).

I leave this report open, since I think we don't need this fake_dsa feature anymore. Openssl 1.1 does support DSA.

-- Ralph