-
Type:
Task
-
Status: Closed
-
Priority:
Normal
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: PUP 5.4.0
-
Component/s: None
-
Labels:None
-
Template:customfield_10700 232354
-
Acceptance Criteria:
-
Epic Link:
-
Sub-team:
-
Team:Platform Core
-
Story Points:2
-
Sprint:Platform Core KANBAN
-
Release Notes:New Feature
-
Release Notes Summary:
-
QA Risk Assessment:No Action
Puppet 5.4.0:
N/A:
Redhat7- FIPS mode:
FIPS mode prohibits use of certain algorithms e.g. MD5 (as applicable to puppet currently) and any attempt to use them results in abrupt program termination or abort. While customers using Puppet agents on FIPS mode platforms should be aware of such limitations there might be un-intentional usages which will result in user un-friendly errors.
We need to intercept any such prohibited usages at runtime and provide graceful error messages.
Create a manifest with a file resource while setting its checksum attribute to md5 and attempt applying it on agent in fips mode.
Expected: Provide a graceful error while disallowing the operation.
Actual: Error "md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
Aborted"