
Commit 8868b07

dsmith3197jszwedko
authored andcommitted
fix(deps): load default and legacy openssl providers (#18276)
* fix(deps): load default and legacy openssl providers * hard error
1 parent c9ccee0 commit 8868b07

2 files changed

Lines changed: 34 additions & 22 deletions


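--- a/src/app.rs
+++ b/src/app.rs
@@ -62,7 +62,7 @@ pub struct Application {
 pub require_healthy: Option<bool>,
 pub config: ApplicationConfig,
 pub signals: SignalPair,
-pub openssl_legacy_provider: Option<Provider>,
+pub openssl_providers: Option<Vec<Provider>>,
 }
 
 impl ApplicationConfig {
@@ -191,11 +191,11 @@ impl Application {
 opts.root.internal_log_rate_limit,
 );
 
-let openssl_legacy_provider = opts
+let openssl_providers = opts
 .root
 .openssl_legacy_provider
-.then(load_openssl_legacy_provider)
-.flatten();
+.then(load_openssl_legacy_providers)
+.transpose()?;
 
 let runtime = build_runtime(opts.root.threads, "vector-worker")?;
 
@@ -217,7 +217,7 @@ impl Application {
 require_healthy: opts.root.require_healthy,
 config,
 signals,
-openssl_legacy_provider,
+openssl_providers,
 },
 ))
 }
@@ -234,7 +234,7 @@ impl Application {
 require_healthy,
 config,
 signals,
-openssl_legacy_provider,
+openssl_providers,
 } = self;
 
 let topology_controller = SharedTopologyController::new(TopologyController {
@@ -252,7 +252,7 @@ impl Application {
 graceful_crash_receiver: config.graceful_crash_receiver,
 signals,
 topology_controller,
-openssl_legacy_provider,
+openssl_providers,
 })
 }
 }
@@ -262,7 +262,7 @@ pub struct StartedApplication {
 pub graceful_crash_receiver: mpsc::UnboundedReceiver<ShutdownError>,
 pub signals: SignalPair,
 pub topology_controller: SharedTopologyController,
-pub openssl_legacy_provider: Option<Provider>,
+pub openssl_providers: Option<Vec<Provider>>,
 }
 
 impl StartedApplication {
@@ -276,7 +276,7 @@ impl StartedApplication {
 graceful_crash_receiver,
 signals,
 topology_controller,
-openssl_legacy_provider,
+openssl_providers,
 } = self;
 
 let mut graceful_crash = UnboundedReceiverStream::new(graceful_crash_receiver);
@@ -308,7 +308,7 @@ impl StartedApplication {
 signal,
 signal_rx,
 topology_controller,
-openssl_legacy_provider,
+openssl_providers,
 }
 }
 }
@@ -363,7 +363,7 @@ pub struct FinishedApplication {
 pub signal: SignalTo,
 pub signal_rx: SignalRx,
 pub topology_controller: SharedTopologyController,
-pub openssl_legacy_provider: Option<Provider>,
+pub openssl_providers: Option<Vec<Provider>>,
 }
 
 impl FinishedApplication {
@@ -372,7 +372,7 @@ impl FinishedApplication {
 signal,
 signal_rx,
 topology_controller,
-openssl_legacy_provider,
+openssl_providers,
 } = self;
 
 // At this point, we'll have the only reference to the shared topology controller and can
@@ -387,7 +387,7 @@ impl FinishedApplication {
 SignalTo::Quit => Self::quit(),
 _ => unreachable!(),
 };
-drop(openssl_legacy_provider);
+drop(openssl_providers);
 status
 }
 
@@ -564,13 +564,17 @@ pub fn init_logging(color: bool, format: LogFormat, log_level: &str, rate: u64)
 ///
 /// The returned [Provider] must stay in scope for the entire lifetime of the application, as it
 /// will be unloaded when it is dropped.
-pub fn load_openssl_legacy_provider() -> Option<Provider> {
+pub fn load_openssl_legacy_providers() -> Result<Vec<Provider>, ExitCode> {
 warn!(message = "DEPRECATED The openssl legacy provider provides algorithms and key sizes no longer recommended for use.");
-Provider::try_load(None, "legacy", true)
-.map(|provider| {
-info!(message = "Loaded openssl legacy provider.");
-provider
-})
-.map_err(|error| error!(message = "Failed to load openssl legacy provider.", %error))
-.ok()
+["legacy", "default"].into_iter().map(|provider_name| {
+Provider::try_load(None, provider_name, true)
+.map(|provider| {
+info!(message = "Loaded openssl provider.", provider = provider_name);
+provider
+})
+.map_err(|error| {
+error!(message = "Failed to load openssl provider.", provider = provider_name, %error);
+exitcode::UNAVAILABLE
+})
+}).collect()
 }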
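Review bot: The new hard-error path in `load_openssl_legacy_providers` logs only "Failed to load openssl provider." before returning `exitcode::UNAVAILABLE`, so an operator whose OpenSSL installation cannot load one of the modules (for example a build without the legacy module) gets a startup failure with no hint that the load is optional. The flag defaults to true in src/cli.rs, so I would name the opt-out in the message, e.g. `error!(message = "Failed to load openssl provider; set VECTOR_OPENSSL_LEGACY_PROVIDER=false to start without it.", provider = provider_name, %error);`. The natural remedy then becomes turning the deprecated algorithms off rather than installing them. The doc comment above the function (it starts outside the hunk) still describes a single returned `Provider`; it should read along the lines of `/// Returns the loaded legacy and default providers, all of which must stay in scope for the lifetime of the application.` and gain an `# Errors` line for the `ExitCode`.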

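--- a/src/cli.rs
+++ b/src/cli.rs
@@ -196,7 +196,15 @@ pub struct RootOpts {
 pub allocation_tracing_reporting_interval_ms: u64,
 
 /// Load the OpenSSL legacy provider.
-#[arg(long, env = "VECTOR_OPENSSL_LEGACY_PROVIDER", default_value = "true")]
+#[arg(
+long,
+env = "VECTOR_OPENSSL_LEGACY_PROVIDER",
+default_value = "true",
+default_missing_value = "true",
+num_args = 0..=1,
+require_equals = true,
+action = ArgAction::Set
+)]
 pub openssl_legacy_provider: bool,
 }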
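Review bot: The help text `/// Load the OpenSSL legacy provider.` no longer matches what the flag does on the new side: per src/app.rs it also loads the default provider, a load failure now aborts startup, and turning it off needs the `=` form because of `require_equals = true`. I would document that, e.g. `/// Load the OpenSSL legacy and default providers (enabled by default; pass --openssl-legacy-provider=false to disable).` followed by `/// Startup fails if either provider cannot be loaded.`. Because the default stays `true`, the deprecated algorithms remain available unless the operator opts out, which is worth stating where `--help` will show it. The `RootOpts` struct begins outside the hunk.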
