[PUP-8352] Puppet's webrick master fails on Ruby 2.4.3 Created: 2018/01/12  Updated: 2018/02/06  Resolved: 2018/01/12

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: PUP 5.3.4

Type: Bug Priority: Normal
Reporter: Josh Cooper Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
duplicates PUP-8297 Puppet webrick no longer functions in... Closed
Template: PUP Bug Template
Sub-team: Coremunity
Team: Platform Core
Sprint: Platform Core KANBAN
Method Found: Needs Assessment
QA Risk Assessment: No Action


Puppet Version: 5.3.x
Ruby Version: 2.4.3

Ruby 2.4.3 contains a backported fix to webrick. See https://github.com/ruby/ruby/commit/2e728d51e70ed3756ad760c687a08b8487b0112f
and https://github.com/ruby/ruby/compare/v2_4_2...v2_4_3#diff-5396c7bc1e5154a82bf825e6bf470f80 which breaks puppet master (webrick).

When an agent connects, the SSL handshake succeeds, but the connection fails as soon as the agent sends data. The puppet webrick log shows:

[2018-01-12 13:46:06] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=unknown state: unexpected record
	/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `accept'
	/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb:32:in `block (2 levels) in listen'

While the agent reports:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_read: decryption failed or bad record mac

If you revert ruby's /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb back to v2.4.2, then it works ok.

Generated at Wed Apr 01 14:35:31 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.