You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.3 KiB
37 lines
1.3 KiB
From 578687a00195191185f44d8cb38f4b7716d99c31 Mon Sep 17 00:00:00 2001
|
|
From: Josh Cooper <josh@puppet.com>
|
|
Date: Tue, 16 May 2017 15:47:04 -0700
|
|
Subject: [PATCH] (PUP-7383) Skip cipher monkey patch on ruby 2.4+
|
|
|
|
Previously, we appended "!SSLv2" to the SSLContext
|
|
DEFAULT_PARAMS[:ciphers] to ensure that puppet never uses SSLv2, either
|
|
from our http client or when using open-uri. However, ruby 2.4 only
|
|
defines the `:ciphers` array if using openssl < 1.1.0[1]. As a result,
|
|
puppet as a gem running on newer systems would hard fail.
|
|
|
|
Check existence of array before trying to append to it.
|
|
|
|
[1] https://github.com/ruby/ruby/commit/c9dc016#diff-8406e11e4a42f9de6badcd0f6a6c4262R33
|
|
---
|
|
lib/puppet/util/monkey_patches.rb | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/monkey_patches.rb
|
|
index b999fc4..ffb887e 100644
|
|
--- a/lib/puppet/util/monkey_patches.rb
|
|
+++ b/lib/puppet/util/monkey_patches.rb
|
|
@@ -35,7 +35,9 @@ class OpenSSL::SSL::SSLContext
|
|
else
|
|
DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
|
|
end
|
|
- DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
|
|
+ if DEFAULT_PARAMS[:ciphers]
|
|
+ DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
|
|
+ end
|
|
|
|
alias __original_initialize initialize
|
|
private :__original_initialize
|
|
--
|
|
2.7.4
|
|
|