** Changed in: salt (Ubuntu Bionic) Status: Confirmed => In Progress
** Description changed: [Impact] - * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release, + * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release, bionic-proposed) [Test Case] - * bionic-only: install openssl/libssl1.1 from bionic-proposed + * install openssl/libssl1.1 from bionic-proposed - sudo apt install salt-master - sudo salt --versions-report + sudo apt install salt-master + sudo salt --versions-report - [bad] Python traceback ending in: - ssl.SSLError: unknown error (_ssl.c:2788) + [bad] Python traceback ending in: + ssl.SSLError: unknown error (_ssl.c:2788) - [good] a table of version numbers + [good] a table of version numbers Salt Version: - Salt: 2018.3.0 + Salt: 2018.3.0 ... - [Fix] - * Unused imports, and 1.1.1 incompatible libcrypto init functions in + * Unused imports, and 1.1.1 incompatible libcrypto init functions in salt are causing it to fail to start with OpenSSL 1.1.1. The upstream patches that were merged into stable branch make it compatible with either 1.1.0 or 1.1.1. + * Note that for bionic above is sufficent by itself. In cosmic, python- + tornado got upgraded from v4 to v5 and salt is incompatible with it. + Hence salt in cosmic is currently complete busted due to this issue and + lack of tornado4. I have now requested and SRU to reintroduce tornado4 + into cosmic to unbreak salt in cosmic. But it may take much longer than + the smaller fix for bionic. + [Regression Potential] - * The underlying behavior of crypto with or without these patches is + * The underlying behavior of crypto with or without these patches is not changed. There are no versioned breaks to prevent upgrading libssl1.1 whilst salt is installed, but this fix should make salt compatible with any openssl releases. Currently, salt is completely broken in cosmic-release (fails to start) so it's hard to regress further than that in cosmic. [Other Info] - - * Full traceback + + * Full traceback # sudo apt install salt-master # sudo salt --versions-report Traceback (most recent call last): File "/usr/bin/salt", line 10, in <module> salt_main() File "/usr/lib/python3/dist-packages/salt/scripts.py", line 476, in salt_main client.run() File "/usr/lib/python3/dist-packages/salt/cli/salt.py", line 33, in run import salt.client File "/usr/lib/python3/dist-packages/salt/client/__init__.py", line 31, in <module> import salt.cache File "/usr/lib/python3/dist-packages/salt/cache/__init__.py", line 18, in <module> import salt.loader File "/usr/lib/python3/dist-packages/salt/loader.py", line 26, in <module> import salt.utils.event File "/usr/lib/python3/dist-packages/salt/utils/event.py", line 70, in <module> import tornado.iostream File "/usr/lib/python3/dist-packages/tornado/iostream.py", line 40, in <module> from tornado.netutil import ssl_wrap_socket, _client_ssl_defaults, _server_ssl_defaults File "/usr/lib/python3/dist-packages/tornado/netutil.py", line 45, in <module> ssl.Purpose.SERVER_AUTH) File "/usr/lib/python3.6/ssl.py", line 502, in create_default_context context = SSLContext(PROTOCOL_TLS) File "/usr/lib/python3.6/ssl.py", line 391, in __new__ self = _SSLContext.__new__(cls, protocol) ssl.SSLError: unknown error (_ssl.c:2788) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823332 Title: salt --versions-report broken in bionic/cosmic with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs