Commit ecb5efe
cmk-agent-ctl: disable OpenSSL config auto-load to fix sles-16 register hang

The vendored OpenSSL (native-tls) auto-loaded the distro-supplied
/etc/ssl/openssl.cnf at init because SUP-28810 pointed OPENSSLDIR at
/etc/ssl. On SLES 16 that config enables provider auto-loading, which
deadlocks OpenSSL 3.x's recursive rwlock under musl during DRBG seeding
in SSL_CTX_new -- so `cmk-agent-ctl register` hangs forever (e.g. robotmk
test_linux_deployment), draining the integration-test session timeout.

We neither ship nor need an openssl.cnf for the agent controller, so
build the vendored OpenSSL with `no-autoload-config`. This keeps
SUP-28810's path stabilisation intact and restores the controller's
"never read openssl config files" invariant in fact, not just by intent.

Verified in a SLES 16.0 container: the shipped binary hangs 3/3, the
rebuilt binary completes 3/3 (even with OPENSSL_CONF=/etc/ssl/openssl.cnf
forced) and TLS still works.

CMK-35950
Change-Id: Ibe963a3f3a3717baee72e3205659d8e8b5c0d678

1 parent 1cde3a0 commit ecb5efe
1 file changed
Lines changed: 19 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
20 | 29 | | |
21 | 30 | | |
22 | 31 | | |
| |||
32 | 41 | | |
33 | 42 | | |
34 | 43 | | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
35 | 54 | | |
36 | 55 | | |
37 | 56 | | |
| |||
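One way to turn the "never read openssl config files" invariant from the commit message into a repeatable check is to scan a syscall trace of the binary for any open of an `openssl.cnf`. This is an added example, not code from the commit or the project; the function names and both sample traces are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a strace log for opens of openssl.cnf.
# A real log could be captured with something like
#   OPENSSL_CONF=/etc/ssl/openssl.cnf timeout 60 \
#     strace -f -e trace=open,openat -o trace.log cmk-agent-ctl register ...
# (arguments elided; the timeout matters because the affected build hangs).

# Read strace output on stdin and print one line per open()/openat() of a
# file named openssl.cnf: "loaded <path>" if the call returned a descriptor,
# "attempted <path>" if it failed or the line is unfinished.
classify_config_opens() {
    awk '
        /open(at)?\(/ && match($0, /"([^"]*\/)?openssl\.cnf"/) {
            path = substr($0, RSTART + 1, RLENGTH - 2)
            state = ($0 ~ /\) = [0-9]+/) ? "loaded" : "attempted"
            print state, path
        }'
}

# Succeed only if the trace on stdin never touches an openssl.cnf.
# Even a failed attempt counts: it shows config auto-load is still compiled in.
invariant_holds() {
    [ -z "$(classify_config_opens)" ]
}

# Constructed sample: a build that auto-loads the distro config.
trace_shipped() {
    cat <<'EOF'
1432 openat(AT_FDCWD, "/etc/ssl/openssl.cnf", O_RDONLY|O_LARGEFILE) = 3
1432 read(3, "# constructed sample\n", 4096) = 21
EOF
}

# Constructed sample: a build that never looks for a config file.
trace_rebuilt() {
    cat <<'EOF'
1501 openat(AT_FDCWD, "/etc/ssl/certs/ca-bundle.pem", O_RDONLY|O_LARGEFILE) = 5
1501 connect(6, {sa_family=AF_INET, sin_port=htons(8000)}, 16) = 0
EOF
}

trace_shipped | classify_config_opens
if trace_rebuilt | invariant_holds; then echo "rebuilt: invariant holds"; fi
```
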