Issue building 0.11.x due to paho-mqtt-sys and underlying C library changes around OpenSSL methods

[nickpelone]

Hey there,

Thanks for having the Rust binding available.

I noticed when I bumped a project from using 0.9.1 to 0.11, I got this crazy-insane linker error when building on OpenBSD/LibreSSL, a platform I regularly use. For additional context, I normally build with the default feature set (no vendored OpenSSL or anything like that) without issue. The error:

error: linking with `cc` failed: exit status: 1                                                                                                                                                                                                                                   
  |                                                                                                                                                                                                                                                                               
  = note: "cc" "-m64" **tons of linker arguments removed**
  
    = note: ld: error: undefined symbol: SSL_CTX_set_security_level            
          >>> referenced by SSLSocket.c                                      
          >>>               SSLSocket.c.o:(SSLSocket_createContext) in archive /path/to/program/target/release/deps/libpaho_mqtt_sys-d433c093ff96f11c.rlib                                                                                                                            
          cc: error: linker command failed with exit code 1 (use -v to see invocation)                                                                     
                                                                                                                                                  

Digging into that line, we see that line

	SSL_CTX_set_security_level(net->ctx, 1);

was introduced here: eclipse/paho.mqtt.c@a43528b
and appears in the tag for the 1.3.10 release, which it looks like the crate here began using in its first 0.11 release: https://github.com/eclipse/paho.mqtt.rust/blob/master/CHANGELOG.md#v0110---2021-04-16

Later on, it got gated with a version check: eclipse/paho.mqtt.c@7baa11e

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
	SSL_CTX_set_security_level(net->ctx, 1);
#endif

but it doesn't seem to affect the issue.

What's weird, is that function has no bindings at all in openssl-sys: sfackler/rust-openssl#1380

so this should have popped out at some point, it feels like?
What's weirder still, is that this project in question still seems to build on Linux. So I have no idea how that's happening.

I understand this is a little odd, but thanks for any help or pointers you might be able to provide! In the meantime, I've pinned my dependency on paho-mqtt at 0.10 so I can continue building on OpenBSD.

[fpagliughi]

Thanks for the report. Yes, it definitely builds on Linux... and Windows and Mac. I develop mostly on Linux, but do a quick build and test on those others before a release. But I don't have a machine with OpenBSD.

I'm not too familiar with a lot of the internals in the C lib, but maybe we should raise the issue over there to get a better idea. It sounds like the version check (conditional compilation) is the proper solution, but perhaps some type of platform check may be required is the versions are different.

[nickpelone]

Thanks for getting back to me! Sorry, busy weekend.

It sounds like the version check (conditional compilation) is the proper solution, but perhaps some type of platform check may be required is the versions are different.

This sounds good, some kind of conditional to not call this on LibreSSL since I think it outright doesn't exist. I'd halfway be curious as to its inclusion in that part of the C library in the first place.

I'll file an issue over there later today and reference here. Thanks again!