Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove OpenSSL provider as an option. JDK SSL Provider will be used by default. #2298

Closed
wants to merge 4 commits into from
Closed

Remove OpenSSL provider as an option. JDK SSL Provider will be used by default. #2298

wants to merge 4 commits into from

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Dec 5, 2022

Description

Removes OpenSSL which has been broken since 1.3.0

This PR that was included in 1.3.0 which broke OpenSSL support: #1649

There have not been any issues filed or posts in the forum regarding OpenSSL support.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Maintenance

Issues Resolved

See relevant PR: #2219

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks cwperks changed the title Remove openssl Remove OpenSSL provider as an option. JDK SSL Provider will be used by default. Dec 5, 2022
peternied
peternied reviewed Dec 5, 2022
View reviewed changes
src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java
@@ -328,9 +325,7 @@ public List<Setting<?>> getSettings() {
settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_FILEPATH, Property.NodeScope, Property.Filtered));
settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_PASSWORD, Property.NodeScope, Property.Filtered));
settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_TYPE, Property.NodeScope, Property.Filtered));
settings.add(Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, OPENSSL_SUPPORTED, Property.NodeScope, Property.Filtered));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is removed will this create an error before the OpenSearch starts up?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not certain if I would want this failure to happen, it could be seen as non-bwc compatible. Instead logging a notice that the feature doesn't work and the setting wouldn't be used could be better in the interim until 3.0.0 when we'd could force this as a breaking change.

@codecov-commenter
Copy link

codecov-commenter commented Dec 5, 2022
edited
Loading

Codecov Report

Merging #2298 (036490a) into main (063c1e9) will increase coverage by 0.21%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main    #2298      +/-   ##
============================================
+ Coverage     61.02%   61.24%   +0.21%     
+ Complexity     3267     3266       -1     
============================================
  Files           259      259              
  Lines         18337    18267      -70     
  Branches       3248     3226      -22     
============================================
- Hits          11191    11188       -3     
+ Misses         5561     5507      -54     
+ Partials       1585     1572      -13
Impacted Files Coverage Δ
...arch/security/ssl/OpenSearchSecuritySSLPlugin.java 80.22% <ø> (+0.11%) ⬆️
...ensearch/security/ssl/util/SSLConfigConstants.java 77.77% <ø> (ø)
...ensearch/security/ssl/DefaultSecurityKeyStore.java 78.04% <100.00%> (+10.20%) ⬆️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java 57.46% <0.00%> (-1.50%) ⬇️
...ecurity/configuration/ConfigurationRepository.java 74.31% <0.00%> (+2.18%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@cwperks
Copy link
Member Author

cwperks commented Dec 6, 2022

Closing this PR in favor of #2301

Looks like boring ssl is able to work after requisite changes are merged into core.

@cwperks cwperks closed this Dec 6, 2022
@reta
Copy link
Collaborator

reta commented Dec 6, 2022

Closing this PR in favor of #2301

Looks like boring ssl is able to work after requisite changes are merged into core.

Thanks @cwperks , yes, BoringSSL seems to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peternied peternied peternied left review comments

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura will be requested when the pull request is marked ready for review DarshitChanpura is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho will be requested when the pull request is marked ready for review derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix will be requested when the pull request is marked ready for review nibix is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 will be requested when the pull request is marked ready for review RyanL1997 is a code owner

@reta reta Awaiting requested review from reta reta will be requested when the pull request is marked ready for review reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin will be requested when the pull request is marked ready for review willyborankin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cwperks @codecov-commenter @reta @peternied