Skip to content

Commit d5da6b3

Browse files
junarugajunaruga
committed
Make "rake debug" protective for a Ruby OpenSSL loading error.
We experienced a FIPS case specific Ruby OpenSSL error in the loading process of Ruby OpenSSL by calling the `ruby -ropenssl` (`require 'openssl'`) built with OpenSSL master branch which includes the commit <openssl/openssl@6d47e81> but doesn't include the commit <openssl/openssl@3c6e114> fixing the issue. The following error happened at `lib/openssl.rb:22` calling the `lib/openssl/ssl.rb` with the OpenSSL commit <14e46600c68ece74970462a60ad20703221747a1> which is between the above 2 commits. ``` $ OPENSSL_CONF=/home/jaruga/.local/openssl-3.4.0-dev-fips-debug-14e46600c6/ssl/openssl_fips.cnf \ bundle exec rake debug ... ruby 3.4.0dev (2024-07-22T08:33:07Z master 82aee1a946) [x86_64-linux] /home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:132:in 'OpenSSL::PKey::DH#initialize': could not parse pkey (OpenSSL::PKey::DHError) from /home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:132:in 'Class#new' from /home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:132:in 'OpenSSL::PKey::DH.new' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:36:in '<class:SSLContext>' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:23:in '<module:SSL>' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:22:in '<module:OpenSSL>' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:21:in '<top (required)>' from /home/jaruga/var/git/ruby/openssl/lib/openssl.rb:22:in 'Kernel#require_relative' from /home/jaruga/var/git/ruby/openssl/lib/openssl.rb:22:in '<top (required)>' from /home/jaruga/.local/ruby-3.4.0dev-debug-82aee1a946/lib/ruby/3.4.0+0/bundled_gems.rb:71:in 'Kernel.require' from /home/jaruga/.local/ruby-3.4.0dev-debug-82aee1a946/lib/ruby/3.4.0+0/bundled_gems.rb:71:in 'block (2 levels) in Kernel#replace_require' rake aborted! ``` This commit enables the `rake debug` still to print the debugging values in such cases. In this case, the `rake debug` prints only the base provider without fips provider. That was a bug of OpenSSL. ``` $ OPENSSL_CONF=/home/jaruga/.local/openssl-3.4.0-dev-fips-debug-14e46600c6/ssl/openssl_fips.cnf \ bundle exec rake debug ... ruby 3.4.0dev (2024-07-22T08:33:07Z master 82aee1a946) [x86_64-linux] OpenSSL::OPENSSL_VERSION: OpenSSL 3.4.0-dev OpenSSL::OPENSSL_LIBRARY_VERSION: OpenSSL 3.4.0-dev OpenSSL::OPENSSL_VERSION_NUMBER: 30400000 OpenSSL::LIBRESSL_VERSION_NUMBER: undefined FIPS enabled: true Providers: base ```
1 parent a1aff21 commit d5da6b3

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Rakefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,7 @@ task :debug do
7272
Providers: #{providers_str}
7373
MESSAGE
7474
EOF
75-
ruby %Q(-I./lib -ropenssl -ve'#{ruby_code}')
75+
ruby %Q(-I./lib -ropenssl.so -ve'#{ruby_code}')
7676
end
7777

7878
task :default => :test

0 commit comments

Comments
 (0)