#Why Won't This Rust App Install?
Rust has a great dependency management tool called Cargo. Although its benefits are numerous it is not perfect. Although many times the issues are due to user error. However, there are some limitations that limit the effectiveness of Cargo and Rust.
There are many applications on Crates.io which require OpenSSL. Big deal right? Wrong! The crate that provides access to the OpenSSL installation on your computer most likely does not support the latest version of OpenSSL.
##What Does That Mean?
This means that all of the Rust applications using the
openssl crate expect an older version of OpenSSL installed on your computer, which probably won't be found. So when you attempt to
cargo install a program you will likely see is an error message similar to:
thread 'main' panicked at 'Unable to detect OpenSSL version
Could not find directory of OpenSSL installation, and this `-sys` crate cannot proceed without this knowledge. If OpenSSL is installed and this crate had trouble finding it, you can set the `OPENSSL_DIR` environment variable for the compilation process.
Why does the
openssl crate rely on an older OpenSSL version?? The answer is simple and rational. Many Rust programs depend on the
openssl crate, and the latest greatest OpenSSL version contains breaking changes to the API. If the
openssl crate were constantly upgraded to the latest version if OpenSSL everytime they released an update it would break every application that was built using the older version of the
openssl crate. The
openssl crate maintainers support an older version on purpose so as to not break all the crates that rely upon it.
#So What Now?
So just downgrade your OpenSSL right? WRONG! Do not downgrade your OpenSSL to an older version, this will introduce bugs and security vulnerabilities into any program that uses it.
Fortunately there is a workaround. Install a second OpenSSL version that is only used for Rust programs that rely on an older version of OpenSSL. This will limit the security vulnerabilites to only the Rust programs, which hopefully will not have any severe repercussions.
These instructions will be for Ubuntu Linux, but it should be possible to adapt these to any operating system by modifying the apt commands to your system's equivalent commands.
Go to the OpenSSL website and download an older version of the soruce. I went with the 1.0.2p version and I would recommend doing the same (it seems to be the latest update of the 1.0.2 branch at the time of writing)
Extract and copy the older OpenSSL version to
/usr/local/openssl-1.0.2p(or whatever version you are using)
Run the following commands in the newly created directory
./config --prefix=/usr/local/openssl-1.0.2p --openssldir=/usr/local/openssl-1.0.2p make make test sudo make install
- Now you are ready to install your cargo apps that before did not work, just make sure to add the following environmental variables:
export OPENSSL_INCLUDE_DIR=/usr/local/openssl-1.0.2p/include export OPENSSL_DIR=/usr/local/openssl-1.0.2p export PKG_CONFIG_PATH=/usr/local/openssl-1.0.2p/lib/pkgconfig
Now if you try something like:
cargo install cargo-audit
it will use the older OpenSSL version which should be compatible with the older version being used in the crate. If not, look on the crate's website/documentation and look to see if they recommend using a specific OpenSSL version (the openssl crate is a good place to look - OpenSSL-Sys Cargo.toml), or keeping try other OpenSSL versions until it works.
The openssl crate for Rust - https://docs.rs/openssl/0.10.16/openssl/
Sources & Resources
OpenSSL in Rust:
I am not liable for any damages of any kind resulting for the use of this article. Read and use this article and the information contained in it at your own risk. Changing your OpenSSL version, especially downgrading it, can potentially affect programs on your system in a negative or harmful way, please do not make changes unless you absolutely know what you are doing and the full range of consequences of your actions.