Find OpenSSL version

2026-06-06 07:12:54 -04:00 · 2019-08-26 16:58:01 -07:00 · 2019-08-26 16:58:01 -07:00 · 15f8d5f4a4
commit 15f8d5f4a4
parent fdb0a14812
1 changed files with 43 additions and 0 deletions
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@ -91,8 +91,12 @@ class NginxConfigurator(common.Installer):
        :param tup version: version of Nginx as a tuple (1, 4, 7)
            (used mostly for unittesting)

+        :param tup openssl_version: version of OpenSSL linked to Nginx as a tuple (1, 4, 7)
+            (used mostly for unittesting)
+
        """
        version = kwargs.pop("version", None)
+        openssl_version = kwargs.pop("openssl_version", None)
        super(NginxConfigurator, self).__init__(*args, **kwargs)

        # Verify that all directories and files exist with proper permissions
@ -115,6 +119,7 @@ class NginxConfigurator(common.Installer):
        # These will be set in the prepare function
        self.parser = None
        self.version = version
+        self.openssl_version = openssl_version
        self._enhance_func = {"redirect": self._enable_redirect,
                              "ensure-http-header": self._set_http_header,
                              "staple-ocsp": self._enable_ocsp_stapling}
@ -169,6 +174,9 @@ class NginxConfigurator(common.Installer):
        if self.version is None:
            self.version = self.get_version()

+        if self.openssl_version is None:
+            self.openssl_version = self._get_openssl_version()
+
        self.install_ssl_options_conf(self.mod_ssl_conf, self.updated_mod_ssl_conf_digest)

        self.install_ssl_dhparams()
@ -964,6 +972,41 @@ class NginxConfigurator(common.Installer):

        return nginx_version

+    def _get_openssl_version(self):
+        """Return version of OpenSSL linked to Nginx.
+
+        Version is returned as string.
+
+        :returns: openssl_version
+        :rtype: str
+
+        :raises .PluginError:
+            Unable to find OpenSSL version
+
+        """
+        try:
+            proc = subprocess.Popen(
+                [self.conf('ctl'), "-c", self.nginx_conf, "-V"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                universal_newlines=True)
+            text = proc.communicate()[1]  # nginx prints output to stderr
+        except (OSError, ValueError) as error:
+            logger.debug(str(error), exc_info=True)
+            raise errors.PluginError(
+                "Unable to run %s -V" % self.conf('ctl'))
+
+        running_with_regex = re.compile(r"running with OpenSSL ([^\S]+) ")
+        matches = running_with_regex.findall(text)
+        if not matches:
+            built_with_regex = re.compile(r"built with OpenSSL ([^\S]+) ")
+            matches = built_with_regex.findall(text)
+            if not matches:
+                logger.warning("NGINX configured with OpenSSL alternatives is not officially"
+                    "supported by Certbot.")
+                return ""
+        return matches[0]
+
    def more_info(self):
        """Human-readable string to help understand the module"""
        return (