Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9930

Do not necessarily load OpenSSL in JRuby

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.9.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Froyo
    • Release Notes:
      Not Needed
    • QA Risk Assessment:
      Needs Assessment

      Description

      OpenSSL in JRuby is implemented via JRuby's custom jopenssl project which is based on bouncycastle. This implementation is however hardcoded to FOSS bouncycastle and will not work in a FIPS environment. Before we can operate Puppet Server in FIPS mode we must be able to load Puppet and execute the portions of Puppet's code within JRuby with OpenSSL disabled.

      (Alternatives for community extensions that require OpenSSL will be evaluated once we pass this milestone)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              justin Justin Stoller
              Reporter:
              justin Justin Stoller
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support