fix(deps): load default and legacy openssl providers (vectordotdev#18276
)

* fix(deps): load default and legacy openssl providers

* hard error
dsmith3197 authored Aug 16, 2023
1 parent 4ec6c11 commit fc17fba
Showing 2 changed files with 34 additions and 22 deletions.
46 changes: 25 additions & 21 deletions src/app.rs
Expand Up @@ -62,7 +62,7 @@ pub struct Application {
pub require_healthy: Option<bool>,
pub config: ApplicationConfig,
pub signals: SignalPair,
pub openssl_legacy_provider: Option<Provider>,
pub openssl_providers: Option<Vec<Provider>>,
}

impl ApplicationConfig {
Expand Down Expand Up @@ -196,11 +196,11 @@ impl Application {
debug!(message = "Disabled probing and configuration of root certificate locations on the system for OpenSSL.");
}

let openssl_legacy_provider = opts
let openssl_providers = opts
.root
.openssl_legacy_provider
.then(load_openssl_legacy_provider)
.flatten();
.then(load_openssl_legacy_providers)
.transpose()?;

let runtime = build_runtime(opts.root.threads, "vector-worker")?;

Expand All @@ -222,7 +222,7 @@ impl Application {
require_healthy: opts.root.require_healthy,
config,
signals,
openssl_legacy_provider,
openssl_providers,
},
))
}
Expand All @@ -239,7 +239,7 @@ impl Application {
require_healthy,
config,
signals,
openssl_legacy_provider,
openssl_providers,
} = self;

let topology_controller = SharedTopologyController::new(TopologyController {
Expand All @@ -257,7 +257,7 @@ impl Application {
graceful_crash_receiver: config.graceful_crash_receiver,
signals,
topology_controller,
openssl_legacy_provider,
openssl_providers,
})
}
}
Expand All @@ -267,7 +267,7 @@ pub struct StartedApplication {
pub graceful_crash_receiver: mpsc::UnboundedReceiver<ShutdownError>,
pub signals: SignalPair,
pub topology_controller: SharedTopologyController,
pub openssl_legacy_provider: Option<Provider>,
pub openssl_providers: Option<Vec<Provider>>,
}

impl StartedApplication {
Expand All @@ -281,7 +281,7 @@ impl StartedApplication {
graceful_crash_receiver,
signals,
topology_controller,
openssl_legacy_provider,
openssl_providers,
} = self;

let mut graceful_crash = UnboundedReceiverStream::new(graceful_crash_receiver);
Expand Down Expand Up @@ -313,7 +313,7 @@ impl StartedApplication {
signal,
signal_rx,
topology_controller,
openssl_legacy_provider,
openssl_providers,
}
}
}
Expand Down Expand Up @@ -368,7 +368,7 @@ pub struct FinishedApplication {
pub signal: SignalTo,
pub signal_rx: SignalRx,
pub topology_controller: SharedTopologyController,
pub openssl_legacy_provider: Option<Provider>,
pub openssl_providers: Option<Vec<Provider>>,
}

impl FinishedApplication {
Expand All @@ -377,7 +377,7 @@ impl FinishedApplication {
signal,
signal_rx,
topology_controller,
openssl_legacy_provider,
openssl_providers,
} = self;

// At this point, we'll have the only reference to the shared topology controller and can
Expand All @@ -392,7 +392,7 @@ impl FinishedApplication {
SignalTo::Quit => Self::quit(),
_ => unreachable!(),
};
drop(openssl_legacy_provider);
drop(openssl_providers);
status
}

Expand Down Expand Up @@ -571,13 +571,17 @@ pub fn init_logging(color: bool, format: LogFormat, log_level: &str, rate: u64)
///
/// The returned [Provider] must stay in scope for the entire lifetime of the application, as it
/// will be unloaded when it is dropped.
pub fn load_openssl_legacy_provider() -> Option<Provider> {
pub fn load_openssl_legacy_providers() -> Result<Vec<Provider>, ExitCode> {
warn!(message = "DEPRECATED The openssl legacy provider provides algorithms and key sizes no longer recommended for use.");
Provider::try_load(None, "legacy", true)
.map(|provider| {
info!(message = "Loaded openssl legacy provider.");
provider
})
.map_err(|error| error!(message = "Failed to load openssl legacy provider.", %error))
.ok()
["legacy", "default"].into_iter().map(|provider_name| {
Provider::try_load(None, provider_name, true)
.map(|provider| {
info!(message = "Loaded openssl provider.", provider = provider_name);
provider
})
.map_err(|error| {
error!(message = "Failed to load openssl provider.", provider = provider_name, %error);
exitcode::UNAVAILABLE
})
}).collect()
}
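Review bot: The doc comment above `load_openssl_legacy_providers` (context lines 128–129; the comment begins outside the hunk) still describes a single returned `[Provider]`, but the function now returns `Result<Vec<Provider>, ExitCode>`, loads `default` alongside `legacy`, and turns a load failure into a fatal `exitcode::UNAVAILABLE` instead of a logged-and-ignored error. I would rewrite the comment to state those three facts and the reason the `default` provider is loaded explicitly at all — OpenSSL 3 stops implicitly loading the default provider once any provider has been loaded explicitly, so loading only `legacy` would silently lose the standard algorithms (worth confirming against the OpenSSL provider man pages before citing it). Two useful sentences to include: `/// Returns \`exitcode::UNAVAILABLE\` if either provider cannot be loaded; on systems whose OpenSSL build ships without the legacy module the flag must be set to false.` and `/// Every returned [Provider] must stay in scope for the lifetime of the application, as each is unloaded on drop.` The function name itself now undersells what it does, but renaming is a separate, caller-visible change.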
10 changes: 9 additions & 1 deletion src/cli.rs
Expand Up @@ -196,7 +196,15 @@ pub struct RootOpts {
pub allocation_tracing_reporting_interval_ms: u64,

/// Load the OpenSSL legacy provider.
#[arg(long, env = "VECTOR_OPENSSL_LEGACY_PROVIDER", default_value = "true")]
#[arg(
long,
env = "VECTOR_OPENSSL_LEGACY_PROVIDER",
default_value = "true",
default_missing_value = "true",
num_args = 0..=1,
require_equals = true,
action = ArgAction::Set
)]
pub openssl_legacy_provider: bool,

/// Disable probing and configuration of root certificate locations on the system for OpenSSL.
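Review bot: The doc comment `/// Load the OpenSSL legacy provider.` no longer tells operators how the flag behaves after this change: with `require_equals = true` and `num_args = 0..=1`, a bare `--openssl-legacy-provider` resolves to `default_missing_value` (true), and the only command-line way to disable it is `--openssl-legacy-provider=false` — a space-separated `false` is rejected, if I read clap's `require_equals` correctly. Because the default is also `true` and the companion change in src/app.rs makes a failed provider load fatal, that syntax is exactly what someone on an OpenSSL build without the legacy module will need, so I would expand the comment to something like `/// Load the OpenSSL legacy provider (algorithms and key sizes no longer recommended). Enabled by default; disable with \`--openssl-legacy-provider=false\` or \`VECTOR_OPENSSL_LEGACY_PROVIDER=false\`.` `RootOpts` starts outside the hunk, and the hunk does not show whether `ArgAction` is already imported in src/cli.rs.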
