From cee17da89cc15988d87332630769682c5aa5a4be Mon Sep 17 00:00:00 2001
From: Hugo Hromic
Date: Sat, 12 Aug 2023 19:17:31 +0100
Subject: [PATCH] enhancement(core): Only run openssl-probe when no SSL variable is set
This commit only applies the `openssl_probe::init_ssl_cert_env_vars()` function if both `openssl_probe::ENV_CERT_FILE` (typically `SSL_CERT_FILE`) and `openssl_probe::ENV_CERT_DIR` (typically `SSL_CERT_DIR`) are unset in the environment. This allows users to fully disable the openssl-probe functionality by configuring at least one of these variables in the environment when starting Vector. Previously, `init_ssl_cert_env_vars()` would configure both of these variables independently. If the user provides only one of them, the other would still be configured. Furthermore, openssl-prober silently overrides variables if they point to invalid files/directories. All of this can be very confusing for users of the `exec` source, which by default inherits the environment from Vector.
Signed-off-by: Hugo Hromic
---
 src/app.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/app.rs b/src/app.rs
index b745d831e07c32..739aeec386de63 100644
--- a/src/app.rs
+++ b/src/app.rs
@@ -421,7 +421,12 @@ impl FinishedApplication {
 }
 pub fn init_global() {
- openssl_probe::init_ssl_cert_env_vars();
+ // Configure the default openssl trust store if not provided in the environment.
+ if std::env::var(openssl_probe::ENV_CERT_FILE).is_err()
+ && std::env::var(openssl_probe::ENV_CERT_DIR).is_err()
+ {
+ openssl_probe::init_ssl_cert_env_vars();
+ }
 #[cfg(not(feature = "enterprise-tests"))]
 metrics::init_global().expect("metrics initialization failed");
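Review bot: The new guard in `init_global` tests `std::env::var(..).is_err()`, which is also true when a variable is set but not valid Unicode, so a non-UTF-8 `SSL_CERT_FILE` or `SSL_CERT_DIR` path is treated as unset and the probe still runs, contrary to the stated intent that any operator-supplied value disables it. A presence-only check avoids that: `if std::env::var_os(openssl_probe::ENV_CERT_FILE).is_none() && std::env::var_os(openssl_probe::ENV_CERT_DIR).is_none()`. The comment could also record why the guard exists, e.g. `// Respect an operator-supplied trust store: probe only when neither variable is set, so a configured CA path is never silently replaced (the exec source's children inherit these).` An empty or invalid value in either variable now suppresses probing as well, which presumably leaves certificate verification to fail rather than fall back to system roots; that looks intended by the description but deserves a line in the user documentation. The body of `init_global` continues past the end of the hunk.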