Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9930

Do not necessarily load OpenSSL in JRuby

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.9.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Froyo
    • Release Notes:
      Not Needed
    • QA Risk Assessment:
      Needs Assessment

      Description

      OpenSSL in JRuby is implemented via JRuby's custom jopenssl project which is based on bouncycastle. This implementation is however hardcoded to FOSS bouncycastle and will not work in a FIPS environment. Before we can operate Puppet Server in FIPS mode we must be able to load Puppet and execute the portions of Puppet's code within JRuby with OpenSSL disabled.

      (Alternatives for community extensions that require OpenSSL will be evaluated once we pass this milestone)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                justin Justin Stoller
                Reporter:
                justin Justin Stoller
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support