summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--chef-config/lib/chef-config/config.rb21
-rw-r--r--spec/unit/application/knife_spec.rb8
-rw-r--r--spec/unit/application_spec.rb2
3 files changed, 19 insertions, 12 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 68cece43da..e4a12e8949 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -496,13 +496,7 @@ module ChefConfig
# Initialize openssl
def self.init_openssl
if fips
- ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete."
- OpenSSL.fips_mode = true
- require "digest"
- require "digest/sha1"
- require "digest/md5"
- Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
- OpenSSL::Digest.const_set("MD5", Digest::MD5)
+ self.enable_fips_mode
end
end
@@ -910,5 +904,18 @@ module ChefConfig
def self._this_file
File.expand_path(__FILE__)
end
+
+ # Set fips mode in openssl. Do any patching necessary to make
+ # sure Chef runs do not crash.
+ # @api private
+ def self.enable_fips_mode
+ ChefConfig.logger.warn "The `fips` feature is still a work in progress. This feature is incomplete."
+ OpenSSL.fips_mode = true
+ require "digest"
+ require "digest/sha1"
+ require "digest/md5"
+ Digest.const_set("SHA1", OpenSSL::Digest::SHA1)
+ OpenSSL::Digest.const_set("MD5", Digest::MD5)
+ end
end
end
diff --git a/spec/unit/application/knife_spec.rb b/spec/unit/application/knife_spec.rb
index c6c3c4d12c..08e058caed 100644
--- a/spec/unit/application/knife_spec.rb
+++ b/spec/unit/application/knife_spec.rb
@@ -93,7 +93,7 @@ describe Chef::Application::Knife do
it "does not initialize fips mode when no flags are passed" do
with_argv(*%w{noop knife command}) do
expect(@knife).to receive(:exit).with(0)
- expect(OpenSSL).not_to receive(:'fips_mode=')
+ expect(Chef::Config).not_to receive(:enable_fips_mode)
@knife.run
expect(Chef::Config[:fips]).to eq(false)
end
@@ -102,7 +102,7 @@ describe Chef::Application::Knife do
it "overwrites the Chef::Config value when passed --fips" do
with_argv(*%w{noop knife command --fips}) do
expect(@knife).to receive(:exit).with(0)
- expect(OpenSSL).to receive(:'fips_mode=').with(true)
+ expect(Chef::Config).to receive(:enable_fips_mode)
@knife.run
expect(Chef::Config[:fips]).to eq(true)
end
@@ -117,7 +117,7 @@ describe Chef::Application::Knife do
it "initializes fips mode when passed --fips" do
with_argv(*%w{noop knife command --fips}) do
expect(@knife).to receive(:exit).with(0)
- expect(OpenSSL).to receive(:'fips_mode=').with(true)
+ expect(Chef::Config).to receive(:enable_fips_mode)
@knife.run
expect(Chef::Config[:fips]).to eq(true)
end
@@ -126,7 +126,7 @@ describe Chef::Application::Knife do
it "overwrites the Chef::Config value when passed --no-fips" do
with_argv(*%w{noop knife command --no-fips}) do
expect(@knife).to receive(:exit).with(0)
- expect(OpenSSL).not_to receive(:'fips_mode=')
+ expect(Chef::Config).not_to receive(:enable_fips_mode)
@knife.run
expect(Chef::Config[:fips]).to eq(false)
end
diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb
index 340f062564..ceff3b6eb5 100644
--- a/spec/unit/application_spec.rb
+++ b/spec/unit/application_spec.rb
@@ -148,7 +148,7 @@ describe Chef::Application do
end
it "sets openssl in fips mode" do
- expect(OpenSSL).to receive(:'fips_mode=').with(true)
+ expect(Chef::Config).to receive(:enable_fips_mode)
@app.configure_chef
end
end