Have found the same issue and it looks like you need to have a version of
OpenSSL that supports the encryption installed. Note: This only appears to
be in the 3.x stream - must be a change in there to strengthen the
certificates or something. 2.x seems OK as far as I can tell...
The one Oracle/Sun provides in /usr/sfw doesn''t support SHA256 by the
looks
of it (Its OpenSSL 0.9.7d with security patches)
Run ldd against the OpenSSL library in Ruby to confirm which library you
are using:
bash-3.2# ldd ./lib/ruby/1.8/i386-solaris2.10/openssl.so | grep ssl
libssl.so.0.9.7 => /usr/sfw/lib/64/libssl.so.0.9.7 <--
/usr/sfw/lib is core Solaris GNU packages - really old...
libssl_extra.so.0.9.7 =>
/usr/sfw/lib/amd64/libssl_extra.so.0.9.7
(NOTE: You will need find your openssl.so object - in my case its from a
self-compiled copy of ruby...)
bash-3.2# uname -a
SunOS test1 5.10 Generic_147441-25 i86pc i386 i86pc
bash-3.2# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2006-7250 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270
CVE-2009-0590 CVE-2009-2409 CVE-2009-3555 CVE-2010-4180 CVE-2011-4576
CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131
CVE-2012-2333)
Basically, looks like you need to get packages for (or compile) a more
recent version of OpenSSL then link ruby against it. A very brief glance at
http://www.openssl.org/news/changelog.html suggests that you need version
1.0.1 or later.
Checking Solaris 11:
bash# openssl version
OpenSSL 1.0.0j 10 May 2012
bash# uname -a
SunOS test2 5.11 11.0 i86pc i386 i86pc
This version also seems to support sha256, so looks like it may be
available in some current 1.0.0 streams as well...
Hope that helps...
Greg
On Saturday, 22 September 2012 07:39:50 UTC+10, Jakov Sosic
wrote:>
> On 09/21/2012 01:35 PM, Peter Spatz wrote:
> > Hello,
> >
> > first, i�m new to puppet. I�m searching for a configuration
> management
> > tool and puppet was in focus.
> > I�m using Solaris Zone
> > SunOS: 5.10 Generic_147440-15 sun4v sparc sun4v
> > Ruby: ruby 1.8.5 (2006-12-04 patchlevel 2) [sparc-solaris2.10]
> > puppet: v3.0.0-rc6
> >
>
/lib:/usr/lib:/opt/coolstack/mysql_32bit/bin/:/opt/coolstack/mysql_32bit/lib/:/usr/local/lib:/opt/sfw/lib/ruby/:/usr/local/ss/lib/
>
> >
> > Starting puppet master, syslog prints:
> >
> > Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.debug]
> > Finishing transaction 6891204
> > Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.info]
> > Creating a new SSL certificate request for ca
> > Sep 21 13:24:55 sis102f0 puppet-master[9649]: [ID 702911 daemon.error]
> > Could not prepare for execution: uninitialized constant
> > OpenSSL::Digest::SHA256
> >
> > What�s missing?
>
> First, what does the:
> $ which ruby
>
> says?
>
> Then try this:
> $ ruby -ropenssl -e ''p
OpenSSL::Digest::Digest.new("sha256")''
>
> and this:
> $ ruby -e "puts require(''openssl'')"
>
> And then report back with output.
>
> Also, that being Solaris, check whether you have more than one ruby
> installations on system and if you are using the right one...
>
>
>
> --
> Jakov Sosic
> www.srce.unizg.hr
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/IwxB8_WPDtwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.