deltachat-rpc-server 1.133.1 binaries fail to setup accounts via QR code on Linux
link2xt opened this issue · comments
To reproduce:
python3 -m venv --upgrade-deps venv
. venv/bin/activate
pip install deltachat-rpc-client==1.133.1 deltachat-rpc-server==1.133.1
cat >x.py <<EOF
#!/usr/bin/env python3
from deltachat_rpc_client import DeltaChat, EventType, Rpc, SpecialContactId
with Rpc() as rpc:
account_id = rpc.add_account()
url = "DCACCOUNT:https://nine.testrun.org/new"
rpc.set_config_from_qr(account_id, url)
EOF
python3 x.py
Failure:
Traceback (most recent call last):
File "/home/user/tmp/chatmailtest/x.py", line 7, in <module>
rpc.set_config_from_qr(account_id, url)
File "/home/user/tmp/chatmailtest/venv/lib/python3.11/site-packages/deltachat_rpc_client/rpc.py", line 163, in method
raise JsonRpcError(response["error"])
deltachat_rpc_client.rpc.JsonRpcError: {'code': -1, 'message': 'builder error: error:0A080014:SSL routines:SSL_CTX_new_ex:reason(524308):ssl/ssl_lib.c:3929:\n\nCaused by:\n error:0A080014:SSL routines:SSL_CTX_new_ex:reason(524308):ssl/ssl_lib.c:3929:'}
If I do pip install deltachat-rpc-client==1.131.4 deltachat-rpc-server==1.131.4 instead, it works.
There is something changed between 1.131.4 and 1.133.1 releases.
So if I start deltachat-rpc-server manually and run
{"id": 1, "method": "set_config_from_qr", "params": [1, "DCACCOUNT:https://nine.testrun.org/new"]}
I get this
{"jsonrpc":"2.0","id":1,"error":{"code":-1,"message":"builder error: error:0A080014:SSL routines:SSL_CTX_new_ex:reason(524308):ssl/ssl_lib.c:3929:\n\nCaused by:\n error:0A080014:SSL routines:SSL_CTX_new_ex:reason(524308):ssl/ssl_lib.c:3929:"}}
(there is already an account 1 created in accounts folder)
1.133.1 from https://github.com/deltachat/deltachat-core-rust/releases/download/v1.133.1/deltachat-rpc-server-x86_64-linux does not work.
1.133.0 from https://github.com/deltachat/deltachat-core-rust/releases/download/v1.133.0/deltachat-rpc-server-x86_64-linux does not work.
1.132.1 from https://github.com/deltachat/deltachat-core-rust/releases/download/v1.132.1/deltachat-rpc-server-x86_64-linux works.
1.132.0 from https://github.com/deltachat/deltachat-core-rust/releases/download/v1.132.0/deltachat-rpc-server-x86_64-linux works.
1.131.9 from https://github.com/deltachat/deltachat-core-rust/releases/download/v1.131.9/deltachat-rpc-server-x86_64-linux works.
1.131.7 from https://github.com/deltachat/deltachat-core-rust/releases/download/v1.131.7/deltachat-rpc-server-x86_64-linux works.
With rlwrap cargo run in deltachat-rpc-server on main branch (v1.133.1 tag) it also works:
{"id": 1, "method": "add_account"}
{"jsonrpc":"2.0","id":1,"result":1}
{"id": 2, "method": "set_config_from_qr", "params": [1, "DCACCOUNT:https://nine.testrun.org/new"]}
{"jsonrpc":"2.0","id":2,"result":null}
So something does not work when compiled with musl probably, need to retry with musl target.
With rlwrap cargo run --target x86_64-unknown-linux-musl it also works, so it is not musl but zig or CI environment change. Next step is to try to build it with zig, but locally.
Built with scripts/zig-rpc-server.sh, get this locally running rlwrap ../dist/deltachat-rpc-server-x86_64-linux:
{"id": 2, "method": "set_config_from_qr", "params": [1, "DCACCOUNT:https://nine.testrun.org/new"]}
{"jsonrpc":"2.0","id":2,"error":{"code":-1,"message":"builder error: error:0A080014:SSL routines:SSL_CTX_new_ex:reason(524308):ssl/ssl_lib.c:3929:\n\nCaused by:\n error:0A080014:SSL routines:SSL_CTX_new_ex:reason(524308):ssl/ssl_lib.c:3929:"}}
This code panics:
let mut tls = native_tls::TlsConnector::builder();
let _tls = tls.build().unwrap();
Built minimal example, openssl-src 300.1.6 works, openssl-src 300.2.0 fails.
UPD: minimized down to
openssl::ssl::SslConnector::builder(openssl::ssl::SslMethod::tls()).unwrap();
This is the line in openssl-src 3.2.0 that is referenced in the error:
https://github.com/openssl/openssl/blob/cf2877791ce7508684109664f467c9e40987692f/ssl/ssl_lib.c#L3928
I have git bisect-ed it to OpenSSL commit openssl/openssl@fc570b2
by running cargo clean -p openssl-src && scripts/build.sh && target/x86_64-unknown-linux-musl/debug/minopensslbug on a minimal example with this Cargo.toml:
[package]
name = "minopensslbug"
version = "0.1.0"
edition = "2021"
[patch.crates-io]
openssl-src = { version = "300.2.0", path = "../openssl-src-rs" }
[dependencies]
openssl = { version = "*", features = ["vendored"] }
openssl-src = "=300.2.0"
openssl-src-rs is checked out at 300.2.0+3.2.0 and I bisected submodule inside.
Minimal example: https://github.com/link2xt/minopensslbug
UPD: there is a better example https://github.com/link2xt/openssl-zig-regression that does not depend on Rust, see below.
I have opened upstream issue openssl/openssl#23376 with a minimal example https://github.com/link2xt/openssl-zig-regression that does not involve Rust.
Marking as blocker, we should fix it for the next core release, worst case by downgrading to older OpenSSL or switching HTTP code to Rustls if IMAP and SMTP code is not affected, but likely it is.
Currently deltachat-rpc-server Python wheels are broken.
I am going to downgrade deltachat core to OpenSSL 3.1 for now.
According to https://www.openssl.org/policies/releasestrat.html "Version 3.1 will be supported until 2025-03-14".