Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2777

Work with hiera-eyaml maintainers to not use Ruby's OpenSSL for key decryption

    XMLWordPrintable

Details

    • Improvement
    • Status: Accepted
    • Normal
    • Resolution: Unresolved
    • None
    • None
    • None
    • 39829,45830
    • 2
    • Needs Assessment

    Description

      Loading Ruby's OpenSSL implementation fails in FIPS environments because JRuby's OpenSSL implementation isn't FIPS compatible. However we use BouncyCastle in a FIPS compatible way to load keys/certs in our our CA. We should expose those methods in Ruby & work with the heira-eyaml maintainers to use those so their important community projects can be used in a FIPS installation.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              justin Justin Stoller
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:

                Zendesk Support