Openssl vs openssl3

Reading through the posts about openssl3. Kind of need it for a program.

Installed “Eric7“, and there’s a TLS error:

qt.tlsbackend.ossl: Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)

On RL 8, grep openssl <(dnf ls available) says that openssl3 available in epel. It doesn’t say anything on conflicts, or if it’s upgrading/replacing (the installed) openssl.

Would it be possible to install it, w/o breaking the system - if sys needs the 1.1k version? Or will/can they live side by side?

EPEL packages do not conflict nor overwrite the base. With that being said, the error message clearly states that it was built with openssl less than 3. This likely means that even if you install openssl3 from epel, there is no guarantee it will work.

1 Like

Thanks! :+1: That’s good to know.

I read it the other way… The progr is built with >=3.x, and that my runtime is <=3 (ie. because I have 1.1)

There are a few reports, like this: https://tracker.die-offenbachs.homelinux.org/issues/issue469

And a couple of older ones where the problem is the other way around. Systems w openssl3 couldn’t run it when it needed 1.1. Appearently there’s compat-lib in RL9 for that: https://tracker.die-offenbachs.homelinux.org/issues/issue433

Ok, I’ll try to install it. :crossed_fingers::+1:

It did work. The Error popup is gone.

Thank you! for the help, and your quick reply. :crossed_fingers: :+1:

$ openssl version && openssl3 version && type openssl{,3}
OpenSSL 1.1.1k  FIPS 25 Mar 2021
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
openssl is hashed (/usr/bin/openssl)
openssl3 is hashed (/usr/bin/openssl3)

That was my interpretation too. It is interesting that there is such error message. Normally, dynamic linker will say “xxx not found” when executable has been linked with version that is not present on the runtime system. Your program does thus something other than mere implicit linking.

Yes, el9 has compat-openssl11 that provides:

/usr/lib64/engines-1.1/afalg.so
/usr/lib64/engines-1.1/padlock.so
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libcrypto.so.1.1.1k
/usr/lib64/libssl.so.1.1
/usr/lib64/libssl.so.1.1.1k

Note: no /usr/bin/openssl*, and the OpenSSL 3 of el9 has /usr/bin/openssl, not /usr/bin/openssl3


One can see what a package provides even without installing it (and which packages provide a file):

dnf rq -l openssl3
dnf provides *bin/openssl\*
1 Like

The message only appears when starting the program from Terminal. When starting it normal, and I go to the plugin repo and try to update/install something, It gives a popup msg with: “Could not download the requested file from https-<link>”. Ending with: “Error: TLS initialization failed”.

I don’t think the program (Eric7) is doing something xtra. I think it’s a Qt thing, from what I’ve read.

But, it works now. Very glad about that. :crossed_fingers:

Here’s the full msg btw… What was in the output when starting from cli, in case it is of interest. After that the progr started as normal, but w tls not working.

Startup output …
$ /path/2/eric7_ide
qt.tlsbackend.ossl: Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend "cert-only" does not provide system CA certificates
Background Service listening on: 127.0.0.1:41025
qt.network.ssl: The backend "cert-only" does not provide system CA certificates
qt.network.ssl: The backend "cert-only" does not provide system CA certificates
JSON server (JediServer) listening on: 127.0.0.1:46579
qt.network.ssl: The backend "cert-only" does not provide system CA certificates
qt.network.ssl: The backend "cert-only" does not provide system CA certificates