-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicitly initialize ssl #1673
Explicitly initialize ssl #1673
Conversation
@danielskinstad, Let me know if you want to start the integration pipeline by mentioning me and the command "start pipeline". my commands and optionsYou can trigger a pipeline on multiple prs with:
You can start a fast pipeline, disabling full integration tests with:
You can trigger GitHub->GitLab branch sync with:
You can cherry pick to a given branch or branches with:
|
6177933
to
1b5409e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The fix looks good.
The changelog entry could be better, giving a more descriptive summary to the user. Example: "Fix error while loading OpenSSL config file, but correctly initialize the SSL context in advance. With OpenSSL 1.1, if the config file had a ssl_???
section, it could not be loaded due to this missing initialization. This was the case in Debian Bullseye OpenSSL example configuration"
Ticket: None Signed-off-by: Daniel Skinstad Drabitzius <[email protected]>
From the OpenSSL man pages: Numerous internal OpenSSL functions call OPENSSL_init_ssl(). Therefore, in order to perform nondefault initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls. See: https://docs.openssl.org/3.3/man3/OPENSSL_init_ssl/#description This fixes errors where e.g. the openssl config configures ssl_conf, which requires ssl to be initialized. Ticket: MEN-7549 Changelog: Fix error while loading OpenSSL config file, by explicitly initializing the SSL context prior to loading. Without the explicit initialisation of SSL, the config might not be properly loaded if e.g. it has sections specifying ssl settings. This was the case with the example configuration for OpenSSL 1.1.1w from Debian Bullseye. Signed-off-by: Daniel Skinstad Drabitzius <[email protected]>
1b5409e
to
4a3d82b
Compare
Merging these commits will result in the following changelog entries: Changelogsmender (load-conf)New changes in mender since master: Bug Fixes
|
@mender-test-bot start pipeline |
Hello 😺 I created a pipeline for you here: Pipeline-1480780697 Build Configuration Matrix
|
Hello 😺 This PR contains changelog entries. Please, verify the need of backporting it to the following release branches: |
@mender-test-bot cherry-pick to:
|
Hi 😺 |
No description provided.