gemstash icon indicating copy to clipboard operation
gemstash copied to clipboard

Published 20 hours ago verified publisher icon rubygems

Support hosts in FIPS mode

Open ayohrling opened this issue 6 years ago • 1 comments

Currently, gemstash does not run on systems that are configured in FIPS mode. There are a couple spots that utilize MD5 digests that need to be replaced for valid operation. Results in the following logs when running the server and timeouts for too many connection resets in fetching gems:

md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:30:47 +0000] - INFO - [16128] - Worker 0 (pid: 16242) booted, phase: 0
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:30:52 +0000] - INFO - [16128] - Worker 0 (pid: 16254) booted, phase: 0
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:30:57 +0000] - INFO - [16128] - Worker 0 (pid: 16266) booted, phase: 0
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:31:02 +0000] - INFO - [16128] - Worker 0 (pid: 16276) booted, phase: 0

ayohrling avatar Oct 31 '18 13:10 ayohrling

Am hoping for some feedback here. I feel like this should be low-hanging fruit. PR is in, we have to work from builds off my fork to use gemstash until this is merged upstream.

ayohrling avatar Dec 10 '18 15:12 ayohrling