How to enable the OpenSSL 3.0 legacy provider Github Actions?

Question

OpenSSL deprecated a set of hash functions in the 3.0 release. (See OpenSSL_3.0#Provider_implemented_digests.)

For a library I maintain, I need some of them for backward compatibility, e.g., RIPEMD160.

However, since OpenSSL 3.0 gets rolled out through various distributions, it now starts to fail on my Github actions with the latest Ubuntu 22.4 LTS image because it is now disabled by default.

So, further down the OpenSSL wiki page it explains how to enable the legacy features in the SSL config for the system. However, when I try to modify the system's openssl config file, I get a permission denied error even after using sudo.

sudo sed -i '/^\default = default_sect/a legacy = legacy_sect' /etc/ssl/openssl.cnf
sudo sed -i '/^\[default_sect\]/a activate = 1' /etc/ssl/openssl.cnf
sudo echo "[legacy_sect]" >> /etc/ssl/openssl.cnf
sudo echo "activate = 1" >> /etc/ssl/openssl.cnf
shell: /usr/bin/bash -e {0}
/home/runner/work/_temp/9f9803fe-a061-4d59-bed1-83d345569dbe.sh: line 3: /etc/ssl/openssl.cnf: Permission denied

If I cannot modify the config, how do I enable the OpenSSL 3.0 legacy provider Github Actions?

Answer 1

You don't need modify the system config file. You can create a new config file somewhere and then set the OPENSSL_CONF environment variable to point at it. Any process that uses openssl will use that environment variable as the location for its config file in preference to the system default location.