diff options
author | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-01-08 11:42:23 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-01-25 09:51:37 -0800 |
commit | 8dc7e055ed65453081e60b74b461a2f67c3ec009 (patch) | |
tree | d640d1481822b0f8c1be60b47cd482fdf97d7624 /spec/unit | |
parent | 0a3affad66cadc1e9a32afc31160cc1304ef331b (diff) | |
download | chef-8dc7e055ed65453081e60b74b461a2f67c3ec009.tar.gz |
Do openssl initialization from applications
Some notes:
* Add module overrides for fips
We need to use the SHA1 module under OpenSSL because the openssl
functions called by Digest::SHA1 cause openssl to crash the process.
We use the Digest::MD5 over the OpenSSL::MD5 module because md5
is not allowed when in fips mode and causes the process to crash.
While we work through these issues, we're going to allow it to
pass by compiling the ruby md5 implementation.
* Use OpenSSL::Digest::SHA256 instead of Digest::SHA256
Digest::SHA256 is broken in fips mode because it uses
unapproved APIs. They cause the process to terminate.
Diffstat (limited to 'spec/unit')
-rw-r--r-- | spec/unit/application_spec.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index 6a78e5c827..c8f138cdcc 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -136,6 +136,16 @@ describe Chef::Application do expect(Chef::Config.rspec_ran).to eq("true") end + context "when openssl fips" do + before do + allow(Chef::Config).to receive(:openssl_fips).and_return(true) + end + + it "sets openssl in fips mode" do + expect(OpenSSL).to receive(:'fips_mode=').with(true) + @app.configure_chef + end + end end describe "when there is no config_file defined" do |