fix: linux goosed crashing libssl error #6051
Conversation
This reverts commit 1f23a20.
|
@michaelneale can you follow up and check if the goose remote access feature still works after this change? |
|
looking into failing tunnel test |
|
yeah it was pulling in |
|
Fix for tests failing: Using rustls-tls-native-roots instead of native-tls uses rustls (a pure Rust TLS implementation) which doesn't depend on system OpenSSL. However, rustls 0.23.x requires an explicit crypto provider to be installed at runtime so I added the ring feature and the install_default() call. |
can you say more about this? |
|
Using rustls-tls-native-roots instead of native-tls switches to rustls, a pure Rust TLS implementation that doesn't depend on system OpenSSL. The native-roots part means it still uses the system's trusted certificate store for validating server certificates. However, rustls 0.23.x no longer bundles a default cryptographic backend—it requires an explicit crypto provider to be installed at runtime. The library supports two options: ring (mature, widely used) or aws-lc-rs (AWS's libcrypto). Since both were already in our dependency tree via other crates, I chose ring and added the install_default() call to register it as the process-wide crypto provider before any TLS connections are made. |
* 'main' of github.com:block/goose: blog: How to stop your ai agent from making unwanted code changes (#6055) Fix typo in prompt (#6007) Docs for new terminal integration feature (#6042) fix: linux goosed crashing libssl error (#6051) chore(release): release version 1.16.0 (minor) (#5985) fix: metrics on posthog (#6024) gov: new LF Projects LLC section (#6027) Cleanup: Remove Recipe Key Flow (#6015) chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /documentation (#5963) remove problematic corrupted woff font (#6006) Added search bar / filtering for recipes (#6019)
…aults-per-session * 'main' of github.com:block/goose: blog: How to stop your ai agent from making unwanted code changes (#6055) Fix typo in prompt (#6007) Docs for new terminal integration feature (#6042) fix: linux goosed crashing libssl error (#6051) chore(release): release version 1.16.0 (minor) (#5985) fix: metrics on posthog (#6024) gov: new LF Projects LLC section (#6027) Cleanup: Remove Recipe Key Flow (#6015) chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /documentation (#5963) remove problematic corrupted woff font (#6006) Added search bar / filtering for recipes (#6019)
…nses-streaming * 'main' of github.com:block/goose: blog: How to stop your ai agent from making unwanted code changes (#6055) Fix typo in prompt (#6007) Docs for new terminal integration feature (#6042) fix: linux goosed crashing libssl error (#6051) chore(release): release version 1.16.0 (minor) (#5985) fix: metrics on posthog (#6024) gov: new LF Projects LLC section (#6027) Cleanup: Remove Recipe Key Flow (#6015) chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /documentation (#5963) remove problematic corrupted woff font (#6006) Added search bar / filtering for recipes (#6019) Hide recipe icon in empty chat (#6022) docs: provider and model config (#6008) Show modal selector after configuring a provider (#6005) docs: additional mcp sampling resources (#6020) Flutter PR Code Review (#6011) feat(mcp): elicitation support (#5965)
* 'main' of github.com:block/goose: blog: How to stop your ai agent from making unwanted code changes (#6055) Fix typo in prompt (#6007) Docs for new terminal integration feature (#6042) fix: linux goosed crashing libssl error (#6051) chore(release): release version 1.16.0 (minor) (#5985) fix: metrics on posthog (#6024) gov: new LF Projects LLC section (#6027)
…oose into dkatz/openai-responses-streaming * 'dkatz/openai-responses-streaming' of github.com:block/goose: Rm stray leave errors in the context blog: How to stop your ai agent from making unwanted code changes (#6055) Fix typo in prompt (#6007) Docs for new terminal integration feature (#6042) fix: linux goosed crashing libssl error (#6051) chore(release): release version 1.16.0 (minor) (#5985) fix: metrics on posthog (#6024) gov: new LF Projects LLC section (#6027) Cleanup: Remove Recipe Key Flow (#6015) chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /documentation (#5963) remove problematic corrupted woff font (#6006) Added search bar / filtering for recipes (#6019) Hide recipe icon in empty chat (#6022) docs: provider and model config (#6008) Show modal selector after configuring a provider (#6005) docs: additional mcp sampling resources (#6020) Flutter PR Code Review (#6011) feat(mcp): elicitation support (#5965)
Summary
fixes #6034
Root Cause
The bug was introduced in PR #5251 "goose remote access" which added the
tokio-tungstenitedependency with thenative-tlsfeature tocrates/goose-server/Cargo.toml:On Linux,
native-tlsuses OpenSSL via the system'slibssl. The build environment (likely Ubuntu 20.04 or similar) links against OpenSSL 1.1 (libssl.so.1.1), but modern Linux distributions ship with OpenSSL 3.x (libssl.so.3):This causes a runtime error:
libssl.so.1.1: cannot open shared object file.Fix
Change
tokio-tungstenitefromnative-tlstorustls-tls-native-roots:Why this works:
rustlsis a pure Rust TLS implementation - no system OpenSSL dependencyrustls-tls-native-rootsuses the system's certificate store for trust anchorsreqwestin the same file which already usesrustls-tlsFiles Changed
crates/goose-server/Cargo.toml- one line changeThe fix removes
native-tls,tokio-native-tls,openssl,openssl-probe, andopenssl-sysfrom the dependency tree, replacing them withrustlsandtokio-rustls.