enhancement(core): Only run openssl-probe when no SSL variable is set
This commit only applies the `openssl_probe::init_ssl_cert_env_vars()` function if both
`openssl_probe::ENV_CERT_FILE` (typically `SSL_CERT_FILE`) and `openssl_probe::ENV_CERT_DIR`
(typically `SSL_CERT_DIR`) are unset in the environment.

This allows users to fully disable the openssl-probe functionality by configuring at least one of
these variables in the environment when starting Vector.

Previously, `init_ssl_cert_env_vars()` would configure both of these variables independently. If the
user provides only one of them, the other would still be configured. Furthermore, openssl-probe
silently overrides variables if they point to invalid files/directories. All of this can be very
confusing for users of the `exec` source, which by default inherits the environment from Vector.

Signed-off-by: Hugo Hromic <[email protected]>
hhromic committed Aug 12, 2023
1 parent e61c14f commit cee17da
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/app.rs
Expand Up @@ -421,7 +421,12 @@ impl FinishedApplication {
}

pub fn init_global() {
openssl_probe::init_ssl_cert_env_vars();
// Configure the default openssl trust store if not provided in the environment.
if std::env::var(openssl_probe::ENV_CERT_FILE).is_err()
&& std::env::var(openssl_probe::ENV_CERT_DIR).is_err()
{
openssl_probe::init_ssl_cert_env_vars();
}

#[cfg(not(feature = "enterprise-tests"))]
metrics::init_global().expect("metrics initialization failed");
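
Review bot: In the new condition in `init_global()`, `std::env::var(...).is_err()` is true not only when the variable is unset but also when it is set to a value that is not valid Unicode (`VarError::NotUnicode`), so a user who sets `SSL_CERT_FILE` or `SSL_CERT_DIR` to such a path would still get the probe. Using `std::env::var_os(openssl_probe::ENV_CERT_FILE).is_none()` (and the same for `ENV_CERT_DIR`) tests for presence only. The code comment could also state that setting either variable disables probing for both, since with only one provided the other is now left unconfigured; that behaviour change is worth a line in the user documentation as well.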