Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly initialize ssl #1673

Merged
merged 2 commits into from
Oct 4, 2024
Merged

Explicitly initialize ssl #1673

merged 2 commits into from
Oct 4, 2024

Conversation

danielskinstad
Copy link
Contributor

No description provided.

@mender-test-bot
Copy link

@danielskinstad, Let me know if you want to start the integration pipeline by mentioning me and the command "start pipeline".

my commands and options

You can trigger a pipeline on multiple prs with:

  • mentioning me and start pipeline --pr mender/127 --pr mender-connect/255

You can start a fast pipeline, disabling full integration tests with:

  • mentioning me and start pipeline --fast

You can trigger GitHub->GitLab branch sync with:

  • mentioning me and sync

You can cherry pick to a given branch or branches with:

  • mentioning me and:
 cherry-pick to:
 * 1.0.x
 * 2.0.x

lluiscampos
lluiscampos approved these changes Oct 3, 2024
View reviewed changes
Copy link
Contributor

@lluiscampos lluiscampos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix looks good.

The changelog entry could be better, giving a more descriptive summary to the user. Example: "Fix error while loading OpenSSL config file, but correctly initialize the SSL context in advance. With OpenSSL 1.1, if the config file had a ssl_??? section, it could not be loaded due to this missing initialization. This was the case in Debian Bullseye OpenSSL example configuration"

src/common/crypto/platform/openssl/crypto.cpp Outdated Show resolved Hide resolved
@danielskinstad
chore: remove redundant parenthesis
a623641 
Ticket: None

Signed-off-by: Daniel Skinstad Drabitzius <[email protected]>
@danielskinstad
fix: explicitly initialize ssl
4a3d82b 
From the OpenSSL man pages:
Numerous internal OpenSSL functions call OPENSSL_init_ssl().
Therefore, in order to perform nondefault initialisation,
OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls.
See: https://docs.openssl.org/3.3/man3/OPENSSL_init_ssl/#description

This fixes errors where e.g. the openssl config configures ssl_conf,
which requires ssl to be initialized.

Ticket: MEN-7549
Changelog: Fix error while loading OpenSSL config file, by explicitly
initializing the SSL context prior to loading. Without the explicit
initialisation of SSL, the config might not be properly loaded if e.g.
it has sections specifying ssl settings. This was the case with the
example configuration for OpenSSL 1.1.1w from Debian Bullseye.

Signed-off-by: Daniel Skinstad Drabitzius <[email protected]>
@mender-test-bot
Copy link

mender-test-bot commented Oct 3, 2024
edited by jira bot
Loading

Merging these commits will result in the following changelog entries:

Changelogs

mender (load-conf)

New changes in mender since master:

Bug Fixes
  • Fix error while loading OpenSSL config file, by explicitly
    initializing the SSL context prior to loading. Without the explicit
    initialisation of SSL, the config might not be properly loaded if e.g.
    it has sections specifying ssl settings. This was the case with the
    example configuration for OpenSSL 1.1.1w from Debian Bullseye.
    (MEN-7549)

@danielskinstad
Copy link
Contributor Author

@mender-test-bot start pipeline

@mender-test-bot
Copy link

Hello 😺 I created a pipeline for you here: Pipeline-1480780697

Build Configuration Matrix

Key Value
AUDITLOGS_REV master
BUILD_BEAGLEBONEBLACK true
BUILD_CLIENT true
BUILD_QEMUX86_64_BIOS_GRUB true
BUILD_QEMUX86_64_BIOS_GRUB_GPT true
BUILD_QEMUX86_64_UEFI_GRUB true
BUILD_VEXPRESS_QEMU true
BUILD_VEXPRESS_QEMU_FLASH true
BUILD_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true
CREATE_ARTIFACT_WORKER_REV master
DEPLOYMENTS_ENTERPRISE_REV master
DEPLOYMENTS_REV master
DEVICEAUTH_ENTERPRISE_REV master
DEVICEAUTH_REV master
DEVICECONFIG_REV master
DEVICECONNECT_REV master
DEVICEMONITOR_REV master
GENERATE_DELTA_WORKER_REV master
GUI_REV master
INTEGRATION_REV master
INVENTORY_ENTERPRISE_REV master
INVENTORY_REV master
IOT_MANAGER_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV pull/1673/head
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
RUN_BACKEND_INTEGRATION_TESTS true
RUN_INTEGRATION_TESTS true
TENANTADM_REV master
TEST_QEMUX86_64_BIOS_GRUB true
TEST_QEMUX86_64_BIOS_GRUB_GPT true
TEST_QEMUX86_64_UEFI_GRUB true
TEST_VEXPRESS_QEMU true
TEST_VEXPRESS_QEMU_FLASH true
TEST_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true
USERADM_ENTERPRISE_REV master
USERADM_REV master
WORKFLOWS_ENTERPRISE_REV master
WORKFLOWS_REV master

@danielskinstad danielskinstad merged commit fd80c25 into mendersoftware:master Oct 4, 2024
18 checks passed
@mender-test-bot
Copy link

Hello 😺 This PR contains changelog entries. Please, verify the need of backporting it to the following release branches:
4.0.x (release 3.7.x) - 🤖 🍒

@danielskinstad
Copy link
Contributor Author

@mender-test-bot cherry-pick to:

  • 4.0.x

@mender-test-bot
Copy link

Hi 😺
I did my very best, and this is the result of the cherry pick operation:

@mender-test-bot mender-test-bot mentioned this pull request Oct 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lluiscampos lluiscampos lluiscampos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@danielskinstad @mender-test-bot @lluiscampos