enhancement(core): Add CLI arg and env variable to control openssl pr…
…obing

This commit implements a new CLI argument `--openssl-no-probe` with a corresponding environment
variable `VECTOR_OPENSSL_NO_PROBE` to disable calling the `openssl_probe::init_ssl_cert_env_vars()`
function when starting Vector.

The openssl-probe functionality manipulates the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment
variables in the Vector process. This behavior can be problematic for users of the `exec` source,
which by default inherits the environment of the Vector process.

Signed-off-by: Hugo Hromic <[email protected]>
hhromic committed Aug 15, 2023
1 parent 1b90398 commit 5d8719c
Showing 2 changed files with 14 additions and 3 deletions.
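--- a/src/app.rs
+++ b/src/app.rs
@@ -180,7 +180,7 @@ impl Application {
 }
 
 pub fn prepare_from_opts(opts: Opts) -> Result<(Runtime, Self), ExitCode> {
-init_global();
+init_global(!opts.root.openssl_no_probe);
 
 let color = opts.root.color.use_color();
 
@@ -191,6 +191,11 @@ impl Application {
 opts.root.internal_log_rate_limit,
 );
 
+// Can only log this after initializing the logging subsystem
+if opts.root.openssl_no_probe {
+debug!(message = "Disabled probing and configuration of root certificate locations on the system for OpenSSL.");
+}
+
 let openssl_legacy_provider = opts
 .root
 .openssl_legacy_provider
@@ -420,8 +425,10 @@ impl FinishedApplication {
 }
 }
 
-pub fn init_global() {
-openssl_probe::init_ssl_cert_env_vars();
+pub fn init_global(openssl_probe: bool) {
+if openssl_probe {
+openssl_probe::init_ssl_cert_env_vars();
+}
 
 #[cfg(not(feature = "enterprise-tests"))]
 metrics::init_global().expect("metrics initialization failed");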
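Review bot: In the last hunk the new `init_global` parameter is named `openssl_probe`, the same as the crate it gates, so `if openssl_probe { openssl_probe::init_ssl_cert_env_vars(); }` uses one identifier for both a bool and a crate path; it resolves because the two live in different namespaces, but it is easy to misread. I would rename the parameter, e.g. `pub fn init_global(probe_openssl_certs: bool)`, and add a doc comment stating that `false` skips the call that sets `SSL_CERT_FILE` and `SSL_CERT_DIR` for the process. Because `init_global` is `pub` and now requires an argument, any caller outside this diff (tests, benches) has to be updated as well; only the call in `prepare_from_opts` is visible here. The body of `init_global` continues past the end of the hunk.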
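--- a/src/cli.rs
+++ b/src/cli.rs
@@ -198,6 +198,10 @@ pub struct RootOpts {
 /// Load the OpenSSL legacy provider.
 #[arg(long, env = "VECTOR_OPENSSL_LEGACY_PROVIDER", default_value = "true")]
 pub openssl_legacy_provider: bool,
+
+/// Disable probing and configuration of root certificate locations on the system for OpenSSL.
+#[arg(long, env = "VECTOR_OPENSSL_NO_PROBE", default_value = "false")]
+pub openssl_no_probe: bool,
 }
 
 impl RootOpts {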
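Review bot: The doc comment on `openssl_no_probe` becomes the `--help` text, and it says what is disabled but not what the operator then has to provide. With the flag set, `init_global` no longer calls `openssl_probe::init_ssl_cert_env_vars()`, so presumably OpenSSL falls back to whatever `SSL_CERT_FILE`/`SSL_CERT_DIR` values were inherited or to its built-in default paths, and TLS certificate verification may fail on hosts where those do not point at a CA bundle. I would add a second doc line such as `/// When set, Vector leaves SSL_CERT_FILE and SSL_CERT_DIR untouched; make sure OpenSSL can still locate trusted root certificates.` The `RootOpts` struct starts above the hunk.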
