Giters

rubygems / gemstash

A RubyGems.org cache and private gem server

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Support hosts in FIPS mode

ayohrling opened this issue · comments

commented

Currently, gemstash does not run on systems that are configured in FIPS mode. There are a couple spots that utilize MD5 digests that need to be replaced for valid operation. Results in the following logs when running the server and timeouts for too many connection resets in fetching gems:

md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:30:47 +0000] - INFO - [16128] - Worker 0 (pid: 16242) booted, phase: 0
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:30:52 +0000] - INFO - [16128] - Worker 0 (pid: 16254) booted, phase: 0
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:30:57 +0000] - INFO - [16128] - Worker 0 (pid: 16266) booted, phase: 0
md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
[2018-10-31 13:31:02 +0000] - INFO - [16128] - Worker 0 (pid: 16276) booted, phase: 0
commented

Am hoping for some feedback here. I feel like this should be low-hanging fruit. PR is in, we have to work from builds off my fork to use gemstash until this is merged upstream.