[PUP-9930] Do not necessarily load OpenSSL in JRuby - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.9.0
Component/s: None
Labels:
None

Team:
Froyo

Release Notes:
Not Needed

QA Risk Assessment:
Needs Assessment

Description

OpenSSL in JRuby is implemented via JRuby's custom jopenssl project which is based on bouncycastle. This implementation is however hardcoded to FOSS bouncycastle and will not work in a FIPS environment. Before we can operate Puppet Server in FIPS mode we must be able to load Puppet and execute the portions of Puppet's code within JRuby with OpenSSL disabled.

(Alternatives for community extensions that require OpenSSL will be evaluated once we pass this milestone)

Attachments

Issue Links

blocks

SERVER-1914 Enable using FIPS Bouncy Castle crypto provider

Resolved

Activity

People

Assignee:: Justin Stoller

Reporter:: Justin Stoller

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019/07/30 3:16 PM

Updated:: 2019/08/26 8:39 AM

Resolved:: 2019/08/26 8:39 AM