Spiceinit using web=true fails

Hi, Trent told me to post this here in the hopes someone can fix it.

We’re getting an error with spiceinit, from an ISIS 7.0.0 setup I did
back in June. It happens only when web=true.

spiceinit web=true from=M114213813LE.cub

qt.network.ssl: QSslSocket: cannot resolve EVP_PKEY_base_id
qt.network.ssl: QSslSocket: cannot resolve SSL_get_peer_certificate
qt.network.ssl: QSslSocket: cannot call unresolved function SSL_get_peer_certificate

A google search gave me nothing. We’re using Centos 7. The CUB is here:


Any help is appreciated. Thanks!
-Mark Sullivan

This looks like a cert expired on our end. I’ll look into it.

Which version of OpenSSL do you have installed?

It should be the one in the conda, right? It’s:

(isis) bash-4.2$ conda list | grep -i ssl
openssl 3.0.5 h166bdaf_0 conda-forge

you can run conda list ssl to view the exact version and build numbers.

It’s the same as the version I listed above.

(isis) bash-4.2$ conda list ssl

packages in environment at /luna5/marks/anaconda3/envs/isis:

Name Version Build Channel

openssl 3.0.5 h166bdaf_0 conda-forge

Is that version new enough?

That version is new enough, but I wonder if our QT build is somehow linking the system library and not the environment library. It will take me a bit to look into this, but I’ll get back to you here.

If it’s the system openssl - I just upgraded it to the latest one in the Centos 7 repo. But am still getting the same errors. (doubtful that it would be wise of me to install a newer version into the /usr system, beyond what Centos requires, could break functionality on a number of things)

What version did you update from on your system? There’s an open bug report for QT right now related to updating OpenSSL on Ubuntu.

The system (Centos 7) was updated to:

openssl.x86_64 1:1.0.2k-25.el7_9 @updates

Though I got the bug both before and after update. Is there any way to force spiceinit to use the conda’s openssl?

Hmm, I am able to hit the spice server fine, and from looking at our certs it doesn’t seem to have expired yet. Maybe the openssl install is a better lead.

(isisdev23) :~ krodriguez$ spiceinit from=testLrowac.cub web=true
Group = Kernels
  NaifIkCode                = -85621
  LeapSecond                = $base/kernels/lsk/naif0012.tls
  TargetAttitudeShape       = ($base/kernels/pck/pck00009.tpc,
  TargetPosition            = (Table,
  InstrumentPointing        = (Table,
  Instrument                = $lro/kernels/ik/lro_lroc_v18.ti
  SpacecraftClock           = $lro/kernels/sclk/lro_clkcor_2022263_v00.tsc
  InstrumentPosition        = (Table,
  InstrumentAddendum        = $lro/kernels/iak/lro_instrumentAddendum_v05.ti
  ShapeModel                = $base/dems/ldem_128ppd_Mar2011_clon180_radius_p-
  InstrumentPositionQuality = Reconstructed
  InstrumentPointingQuality = Reconstructed
  CameraVersion             = 3
  Source                    = isis