Make "rake debug" protective for a Ruby OpenSSL loading error. #783
Commits on Jul 25, 2024
-
Make "rake debug" protective for a Ruby OpenSSL loading error.
We experienced a FIPS case specific Ruby OpenSSL error in the loading process of Ruby OpenSSL by calling the `ruby -ropenssl` (`require 'openssl'`) built with OpenSSL master branch which includes the commit <openssl/openssl@6d47e81> but doesn't include the commit <openssl/openssl@3c6e114> fixing the issue. The following error happened at `lib/openssl.rb:22` calling the `lib/openssl/ssl.rb` with the OpenSSL commit <14e46600c68ece74970462a60ad20703221747a1> which is between the above 2 commits. ``` $ OPENSSL_CONF=/home/jaruga/.local/openssl-3.4.0-dev-fips-debug-14e46600c6/ssl/openssl_fips.cnf \ bundle exec rake debug ... ruby 3.4.0dev (2024-07-22T08:33:07Z master 82aee1a946) [x86_64-linux] /home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:132:in 'OpenSSL::PKey::DH#initialize': could not parse pkey (OpenSSL::PKey::DHError) from /home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:132:in 'Class#new' from /home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:132:in 'OpenSSL::PKey::DH.new' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:36:in '<class:SSLContext>' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:23:in '<module:SSL>' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:22:in '<module:OpenSSL>' from /home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:21:in '<top (required)>' from /home/jaruga/var/git/ruby/openssl/lib/openssl.rb:22:in 'Kernel#require_relative' from /home/jaruga/var/git/ruby/openssl/lib/openssl.rb:22:in '<top (required)>' from /home/jaruga/.local/ruby-3.4.0dev-debug-82aee1a946/lib/ruby/3.4.0+0/bundled_gems.rb:71:in 'Kernel.require' from /home/jaruga/.local/ruby-3.4.0dev-debug-82aee1a946/lib/ruby/3.4.0+0/bundled_gems.rb:71:in 'block (2 levels) in Kernel#replace_require' rake aborted! ``` This commit enables the `rake debug` still to print the debugging values in such cases. In this case, the `rake debug` prints only the base provider without fips provider. That was a bug of OpenSSL. ``` $ OPENSSL_CONF=/home/jaruga/.local/openssl-3.4.0-dev-fips-debug-14e46600c6/ssl/openssl_fips.cnf \ bundle exec rake debug ... ruby 3.4.0dev (2024-07-22T08:33:07Z master 82aee1a946) [x86_64-linux] OpenSSL::OPENSSL_VERSION: OpenSSL 3.4.0-dev OpenSSL::OPENSSL_LIBRARY_VERSION: OpenSSL 3.4.0-dev OpenSSL::OPENSSL_VERSION_NUMBER: 30400000 OpenSSL::LIBRESSL_VERSION_NUMBER: undefined FIPS enabled: true Providers: base ```
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.