New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't error on retcode 0 in libcrypto.OPENSSL_init_crypto call #48580

merged 1 commit into from Jul 19, 2018


None yet
4 participants

rallytime commented Jul 13, 2018

What does this PR do?

Removes the check for the libcrypto.OPENSSL_init_crypto to raise an error if the call does not return 1.

This check was added in #37772 some time ago to work around a backward-incompatible change introduced in OpenSSL1.1. Originally, libcrypto.OPENSSL_init_crypto returned 1. However, newer versions of OpenSSL, which are now available in openSUSE Tumbleweed and openSUSE Leap 15, return 0.

This commit fixes #46884 by removing the check for != 1, but maintains the older behavior of OpenSSL by excepting the AttributeError.

What issues does this PR fix or reference?

Fixes #46884
Refs saltstack/salt-bootstrap#1263

Previous Behavior

Minion would fail to start, or really do anything:

localhost:~ # salt-call --versions
Traceback (most recent call last):
  File "/usr/bin/salt-call", line 11, in <module>
  File "/usr/lib/python2.7/site-packages/salt/", line 391, in salt_call
  File "/usr/lib/python2.7/site-packages/salt/cli/", line 9, in <module>
    import salt.cli.caller
  File "/usr/lib/python2.7/site-packages/salt/cli/", line 18, in <module>
    import salt.loader
  File "/usr/lib/python2.7/site-packages/salt/", line 28, in <module>
    import salt.utils.event
  File "/usr/lib/python2.7/site-packages/salt/utils/", line 74, in <module>
    import salt.payload
  File "/usr/lib/python2.7/site-packages/salt/", line 17, in <module>
    import salt.crypt
  File "/usr/lib/python2.7/site-packages/salt/", line 55, in <module>
    import salt.utils.rsax931
  File "/usr/lib/python2.7/site-packages/salt/utils/", line 85, in <module>
    libcrypto = _init_libcrypto()
  File "/usr/lib/python2.7/site-packages/salt/utils/", line 76, in _init_libcrypto
    raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")
OSError: Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)

New Behavior

Minion starts just fine and all is well.


This comment has been minimized.


rallytime commented Jul 13, 2018

Oh, and more specifically, it's the newest version of libopenssl1_1 in the zypper that causes this:

zypper if libopenssl1_1                                                                                                                                                                 
Information for package libopenssl1_1:
Repository     : openSUSE-Tumbleweed-Oss                    
Name           : libopenssl1_1                              
Version        : 1.1.0h-1.1                                 
Arch           : x86_64                                     
Vendor         : openSUSE                                   
Installed Size : 3.0 MiB                                    
Installed      : Yes                                        
Status         : up-to-date                                 
Source package : openssl-1_1-1.1.0h-1.1.src                 
Summary        : Secure Sockets and Transport Layer Security
Description    :                                            
    OpenSSL is a software library to be used in applications that need to
    secure communications over computer networks against eavesdropping or
    need to ascertain the identity of the party at the other end.
    OpenSSL contains an implementation of the SSL and TLS protocols.

terminalmage approved these changes Jul 13, 2018 edited

@rallytime rallytime requested a review from cachedout Jul 17, 2018

@cachedout cachedout requested a review from saltstack/team-suse Jul 18, 2018


isbm approved these changes Jul 19, 2018

@rallytime rallytime merged commit 07a1f65 into saltstack:2017.7 Jul 19, 2018

8 of 16 checks passed

continuous-integration/jenkins/pr-merge This commit cannot be built
jenkins/PR/salt-pr-linode-ubuntu16-py3 Pull Requests » Salt PR - Linode Ubuntu16.04 - PY3 #11415 — ABORTED
default Build finished.
jenkins/PR/salt-pr-linode-cent7-py3 Pull Requests » Salt PR - Linode CentOS 7 - PY3 #6445 — FAILURE
jenkins/PR/salt-pr-rs-cent7-n Pull Requests » Salt PR - RS CentOS 7 #20498 — FAILURE
jenkins/pr/py2-centos-7 The py2-centos-7 job has failed
jenkins/pr/py3-centos-7 The py3-centos-7 job has failed
jenkins/pr/py3-ubuntu-1604 The py3-ubuntu-1604 job has failed
WIP ready for review
jenkins/PR/salt-pr-clone Pull Requests » Salt PR - Clone #26661 — SUCCESS
jenkins/PR/salt-pr-docs-n Pull Requests » Salt PR - Docs #18690 — SUCCESS
jenkins/PR/salt-pr-linode-ubuntu14-n Pull Requests » Salt PR - Linode Ubuntu14.04 #24373 — SUCCESS
jenkins/PR/salt-pr-lint-n Pull Requests » Salt PR - Code Lint #23327 — SUCCESS
jenkins/pr/docs The docs job has passed
jenkins/pr/lint The lint job has passed
jenkins/pr/py2-ubuntu-1604 The py2-ubuntu-1604 job has passed

@rallytime rallytime deleted the rallytime:fix-46884 branch Jul 19, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment