Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove OpenSSL provider as an option. JDK SSL Provider will be used by default. #2298

Closed
wants to merge 4 commits into from

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Dec 5, 2022

Description

Removes OpenSSL which has been broken since 1.3.0

This PR that was included in 1.3.0 which broke OpenSSL support: #1649

There have not been any issues filed or posts in the forum regarding OpenSSL support.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Maintenance

Issues Resolved

See relevant PR: #2219

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks changed the title Remove openssl Remove OpenSSL provider as an option. JDK SSL Provider will be used by default. Dec 5, 2022
@@ -328,9 +325,7 @@ public List<Setting<?>> getSettings() {
settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_FILEPATH, Property.NodeScope, Property.Filtered));
settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_PASSWORD, Property.NodeScope, Property.Filtered));
settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_TYPE, Property.NodeScope, Property.Filtered));
settings.add(Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, OPENSSL_SUPPORTED, Property.NodeScope, Property.Filtered));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is removed will this create an error before the OpenSearch starts up?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not certain if I would want this failure to happen, it could be seen as non-bwc compatible. Instead logging a notice that the feature doesn't work and the setting wouldn't be used could be better in the interim until 3.0.0 when we'd could force this as a breaking change.

@codecov-commenter
Copy link

codecov-commenter commented Dec 5, 2022

Codecov Report

Merging #2298 (036490a) into main (063c1e9) will increase coverage by 0.21%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main    #2298      +/-   ##
============================================
+ Coverage     61.02%   61.24%   +0.21%     
+ Complexity     3267     3266       -1     
============================================
  Files           259      259              
  Lines         18337    18267      -70     
  Branches       3248     3226      -22     
============================================
- Hits          11191    11188       -3     
+ Misses         5561     5507      -54     
+ Partials       1585     1572      -13     
Impacted Files Coverage Δ
...arch/security/ssl/OpenSearchSecuritySSLPlugin.java 80.22% <ø> (+0.11%) ⬆️
...ensearch/security/ssl/util/SSLConfigConstants.java 77.77% <ø> (ø)
...ensearch/security/ssl/DefaultSecurityKeyStore.java 78.04% <100.00%> (+10.20%) ⬆️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java 57.46% <0.00%> (-1.50%) ⬇️
...ecurity/configuration/ConfigurationRepository.java 74.31% <0.00%> (+2.18%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@cwperks
Copy link
Member Author

cwperks commented Dec 6, 2022

Closing this PR in favor of #2301

Looks like boring ssl is able to work after requisite changes are merged into core.

@cwperks cwperks closed this Dec 6, 2022
@reta
Copy link
Collaborator

reta commented Dec 6, 2022

Closing this PR in favor of #2301

Looks like boring ssl is able to work after requisite changes are merged into core.

Thanks @cwperks , yes, BoringSSL seems to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants