Deploys fail when the user has replaced their default SSL library with LibreSSL. This typically happens on macOS users that have messed with Homebrew a little too much. Here's an example error message:
TASK [vpn : Build the CA pair] *
fatal: [67.205.173.51 -> localhost]: FAILED! => {“changed”: true, “cmd”: “openssl ecparam -name prime256v1 -out ecparams/prime256v1.pem && openssl req -utf8 -new -newkey ec:ecparams/prime256v1.pem -config openssl.cnf -keyout private/cakey.pem -out cacert.pem -x509 -days 3650 -batch -passout pass:\“1c0febfbd771b101c04485846a08a15f\” && touch 67.205.173.51_ca_generated”, “delta”: “0:00:00.039275", “end”: “2017-07-14 18:10:14.276884", “failed”: true, “rc”: 1, “start”: “2017-07-14 18:10:14.237609", “stderr”: “error on line 113 of openssl.cnf\n140734815302536:error:0E065068:configuration file routines:STR_COPY:variable has no value:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/conf/conf_def.c:573:line 113", “stdout”: “”, “stdout_lines”: [], “warnings”: []}
TASK [vpn : debug] *
ok: [67.205.173.51] => {
“fail_hint”: [
“Sorry, but something went wrong!“,
“Please check the troubleshooting guide.“,
“https://trailofbits.github.io/algo/troubleshooting.html”
]
}
TASK [vpn : fail] **
fatal: [67.205.173.51]: FAILED! => {“changed”: false, “failed”: true, “msg”: “Failed as requested from task”}
We should either fix the install scripts to work with LibreSSL or add an entry to the Troubleshooting page about it.
Did you try to execute the failed line manually? That could offer additional insight as to what exactly goes wrong.
The command that seems to fail:
openssl ecparam -name prime256v1 -out ecparams/prime256v1.pem && openssl req -utf8 -new -newkey ec:ecparams/prime256v1.pem -config openssl.cnf -keyout private/cakey.pem -out cacert.pem -x509 -days 3650 -batch -passout pass:\“1c0febfbd771b101c04485846a08a15f\” && touch 67.205.173.51_ca_generated
This typically happens on macOS users that have messed with Homebrew a little too much
macOS High Sierra (beta) switched to LibreSSL as well
macOS High Sierra has this issue, as it appears to ship with a version of Libressl:
% openssl version
LibreSSL 2.2.7
As a workaround, you can install openssl through brew, and export it into your path (as instructed in brew info openssl to get ./algo to succeed.
e.g.
brew install openssl;
export PATH="/usr/local/opt/openssl/bin:$PATH"
./algo
Most helpful comment
macOS High Sierra has this issue, as it appears to ship with a version of Libressl:
As a workaround, you can install openssl through brew, and export it into your path (as instructed in
brew info opensslto get ./algo to succeed.e.g.