projectkudu / kudu

Kudu is the engine behind git/hg deployments, WebJobs, and various other features in Azure Web Sites. It can also run outside of Azure.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Cannot run openssl.exe in Azure Function

twinter-amosfivesix opened this issue · comments

I'm maintaining some code I did not originally write. :-) It's an Azure Function app written with PowerShell. Until today it had been using the function runtime version 3 but I upgraded to 4 in an attempt to fix this problem.

For a long time this function has used the openssl.exe that's on the Azure Function box to verify some signatures. Basically the PowerShell code calls:
C:\Program Files\Git\mingw64\bin\openssl.exe dgst -sha256 -verify <path to public key> -signature <path to signature> <path to payload>

We're looking for the output of "Verified OK" or some other error message. This all worked fine until recently. IT had been doing some housekeeping and found some Azure Storage stuff no one knew about so they tightened up permission on them. Turns out one was the storage account the function used so the function stopped working. So we got that undone and the function started working again but only for about an hour. At that point it worked except for the call to openssl.exe, which stopped giving any message at all. I've coded up lots of fiddling with it and it always has no output whatsoever. Even openssl version. I've ensured I have the right path and the exe exists.

Of course I'm using openssl.exe that happens to be on the Azure box already - though I'm not sure that's a contractual thing. So I guess I'm not surprised this stopped working. So I then uploaded, as part of my function files, the entire portable git for windows set of file, which includes openssl.exe. Same behavior. No output at all.

I get the same behavior with openssl when I try to run it in the Kudu console.

Everything works fine locally.

For deployment issues, please provide us with the following information:

Repro steps.

your project built successfully on your dev machine but failed on Azure?
please write down your build tools and their versions (ie Msbuild 15.1.0.0)

In PowerShell, run openssl version

Project structures.

in order to reproduce your issue at our end we need a simple
github repository
that highlights structure of the project
Very simple function app project with 7 functions, each with powershell file for them. Some are slightly more complicated but this happens even in the super simple one.

The log/error given by the failure.

Normally this include a stack trace, error code and some more information.
No error. Nothing at all, which is the problem :-)

Debug your Azure website remotely.

it is recommanded that you share your Web App name, directly or indirectly
we can take a look at what's going on.

https://vervelicensing.azurewebsites.net/

Mention any other details that might be useful.

I'm assuming I'm running into some sandbox violation by openssl, but would love to have that confirmed. I'm also at a lose as to why this just suddenly stopped working all on its own.

Thanks!


Thanks! We'll be in touch soon.

Hi

If the problem persists and is related to running it on Azure App Service, please open a support incident in Azure:
https://learn.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request

This way we can better track and assist you on this case

Thanks,

Joaquin Vano
Azure App Service