From 559a0233525a6a215cc52ec7a1977efb29c4a584 Mon Sep 17 00:00:00 2001
From: "Daniel A. Wozniak"
Date: Mon, 30 Jun 2025 13:07:54 -0700
Subject: [PATCH 1/2] Always load default and legacy openssl modules

---
 relenv/runtime.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/relenv/runtime.py b/relenv/runtime.py
index 0e4de7f0..0888d8f3 100644
--- a/relenv/runtime.py
+++ b/relenv/runtime.py
@@ -859,6 +859,13 @@ def setup_openssl():
 openssl_bin = shutil.which("openssl")
 if not openssl_bin:
 debug("Could not find the 'openssl' binary in the path")
+ set_openssl_modules_dir(str(sys.RELENV / "lib" / "ossl-modules"))
+
+ if load_openssl_provider("default") == 0:
+ debug("Unable to load the default openssl provider")
+ if load_openssl_provider("legacy") == 0:
+ debug("Unable to load the legacy openssl provider")
+
 return

 if "OPENSSL_MODULES" not in os.environ and sys.platform != "win32":

From 653c5e3f0fec077975d22252c22d4ea93234d78e Mon Sep 17 00:00:00 2001
From: "Daniel A. Wozniak"
Date: Mon, 30 Jun 2025 14:22:51 -0700
Subject: [PATCH 2/2] Adding test for openssl default and legacy modules

Verify the default and legacy moduels are loaded when there is no openssl binary on the system.
---
 tests/test_verify_build.py | 85 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py
index 6d3c46c9..91a3b649 100644
--- a/tests/test_verify_build.py
+++ b/tests/test_verify_build.py
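Review bot: In the new no-binary branch of setup_openssl (relenv/runtime.py), `set_openssl_modules_dir(...)` runs unconditionally, while the context line after the `return` guards on `"OPENSSL_MODULES" not in os.environ and sys.platform != "win32"`; if that guard exists to respect an operator-supplied module path, the new branch should apply the same check, e.g. `if "OPENSSL_MODULES" not in os.environ:` in front of the call. The branch also loads the legacy provider on every start-up, which presumably makes OpenSSL's deprecated algorithms (MD4, RC4, single DES and similar) available to the whole process; a comment naming the consumer that needs them, such as `# legacy provider needed for <consumer>; re-enables deprecated algorithms`, would let a later reader judge whether it can be made opt-in. Both failures are reported only through `debug()`, so a missing default provider will surface later as an unrelated crypto error rather than at this point. The function's body begins and continues outside the hunk.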
@@ -1530,3 +1530,88 @@ def test_install_editable_package_in_extras(
 assert p.returncode == 0
 p = subprocess.run([str(pyexec), "-c", "import saltext.zabbix"], env=env)
 assert p.returncode == 0
+
+
+@pytest.fixture
+def rockycontainer(build):
+ if not shutil.which("docker"):
+ pytest.skip(reason="No docker binary found")
+ name = "rocky10"
+ subprocess.run(
+ [
+ "docker",
+ "create",
+ "--name",
+ name,
+ "-v",
+ f"{build}:/test",
+ "--entrypoint",
+ "tail",
+ "rockylinux/rockylinux:10",
+ "-f",
+ "/dev/null",
+ ],
+ capture_output=True,
+ check=True,
+ )
+ subprocess.run(
+ [
+ "docker",
+ "start",
+ name,
+ ],
+ capture_output=True,
+ check=True,
+ )
+ try:
+ yield name
+ finally:
+ subprocess.run(
+ [
+ "docker",
+ "stop",
+ name,
+ ],
+ capture_output=True,
+ check=True,
+ )
+ subprocess.run(
+ [
+ "docker",
+ "rm",
+ name,
+ ],
+ capture_output=True,
+ check=True,
+ )
+
+
+@pytest.mark.skip_on_windows
+def test_no_openssl_binary(rockycontainer, pipexec):
+ env = os.environ.copy()
+ env["RELENV_BUILDENV"] = "yes"
+ proc = subprocess.run(
+ [
+ str(pipexec),
+ "install",
+ "cryptography",
+ "--no-binary=:all:",
+ "--no-cache-dir",
+ ],
+ env=env,
+ )
+ assert proc.returncode == 0
+ proc = subprocess.run(
+ [
+ "docker",
+ "exec",
+ rockycontainer,
+ "test/bin/python3",
+ "-c",
+ "import cryptography.exceptions",
+ ],
+ capture_output=True,
+ )
+
+ errors = proc.stderr.decode()
+ assert "legacy provider failed to load" not in errors
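Review bot: In test_no_openssl_binary the `docker exec` result is never checked for success, so if the interpreter fails to start in the container (for example the relative path `test/bin/python3` not resolving against the image's working directory) stderr will not contain the provider message and the test passes without exercising the provider load; add `assert proc.returncode == 0, errors` right after `errors` is decoded. In the rockycontainer fixture the container name is the fixed string `"rocky10"` and `docker start` runs before the `try`, so a leftover container from an interrupted run makes `docker create` fail, and a failed start or stop leaves the container behind; moving the start inside the `try` and tearing down with a single `["docker", "rm", "-f", name]` call would make cleanup reliable. The image is referenced by the mutable tag `rockylinux/rockylinux:10`; pinning it by digest would keep the test from silently running against a changed image.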