Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Support initializing OpenSSL 1.1 #37772
salt-call fails to run with OpenSSL 1.1:
OpenSSL 1.1 replaced the symbols OPENSSL_no_config and OPENSSL_add_all_algorithms_noconf by OPENSSL_init_crypto and added these definitions:
These definitions can only be used when compiling the source code, but not when loading the symbols dynamically. Thus salt needs to adapt the initialization for OpenSSL 1.1. Try to use OPENSSL_init_crypto (which was introduced in OpenSSL 1.1) and fall back to the previous behavior
You can easily reproduce the issue on Debian unstable by running
referenced this pull request
Nov 20, 2016
All this misses is maybe a comment around the OpenSSL 1.1 init calls to make it easy for others to find and update just in case OpenSSL 1.1 initialization API isn't as stable as we think today, and also to help identify the legacy OpenSSL init in case the old OpenSSL gets deprecated for security reasons.
Otherwise I love this.