Comment 70 for bug 1797386

Sascha Silbe (sascha-ubuntu-launchpad) wrote :

This update breaks salt-ssh 2016.11.2 (started from a different computer that's running Debian Stretch) on Ubuntu 18.04 (running on the machine being managed). Having Salt break from one day to the next for managing an LTS (!) release is a rather major PITA.

Curiously enough, salt-ssh 2016.11.2 continues to work just fine on minions running Ubuntu 19.04 which ships openssl 1.1.1b-1ubuntu2.1. So whatever this SRU does apparently is different from how it works on Ubuntu 19.04.

This is the error message (from salt-ssh):

=== Begin ===
        Traceback (most recent call last):
          File "/var/tmp/.root_bdab0e_salt/salt-call", line 15, in <module>
            salt_call()
          File "/var/tmp/.root_bdab0e_salt/py2/salt/scripts.py", line 374, in salt_call
            import salt.cli.call
          File "/var/tmp/.root_bdab0e_salt/py2/salt/cli/call.py", line 9, in <module>
            import salt.cli.caller
          File "/var/tmp/.root_bdab0e_salt/py2/salt/cli/caller.py", line 18, in <module>
            import salt.loader
          File "/var/tmp/.root_bdab0e_salt/py2/salt/loader.py", line 29, in <module>
            import salt.utils.event
          File "/var/tmp/.root_bdab0e_salt/py2/salt/utils/event.py", line 72, in <module>
            import salt.payload
          File "/var/tmp/.root_bdab0e_salt/py2/salt/payload.py", line 17, in <module>
            import salt.crypt
          File "/var/tmp/.root_bdab0e_salt/py2/salt/crypt.py", line 43, in <module>
            import salt.utils.rsax931
          File "/var/tmp/.root_bdab0e_salt/py2/salt/utils/rsax931.py", line 83, in <module>
            libcrypto = _init_libcrypto()
          File "/var/tmp/.root_bdab0e_salt/py2/salt/utils/rsax931.py", line 74, in _init_libcrypto
            raise OSError("Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)")
        OSError: Failed to initialize OpenSSL library (OPENSSL_init_crypto failed)
=== End ===

I was able to narrow it down to ssl.create_default_context() (invoked by tornado.netutil which salt-ssh imports indirectly via tornado.iostream) causing OPENSSL_init_crypto() to return 0 (error) on Ubuntu 18.04, but 1 (success) on Ubuntu 19.04.

=== Begin Ubuntu 18.04 ===
root@bob:~# PYTHONPATH=/var/tmp/.root_bdab0e_salt/py2 python
Python 2.7.15+ (default, Nov 27 2018, 23:36:35)
[GCC 7.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> _client_ssl_defaults = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
[ctypes setup for libcrypto]
>>> libcrypto.OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG |
... OPENSSL_INIT_ADD_ALL_CIPHERS |
... OPENSSL_INIT_ADD_ALL_DIGESTS, None)
0
>>>
=== End Ubuntu 18.04 ===

=== Begin Ubuntu 19.04 ===
root@bob:~# PYTHONPATH=/var/tmp/.root_bdab0e_salt/py2 python
Python 2.7.15+ (default, Nov 27 2018, 23:36:35)
[GCC 7.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> _client_ssl_defaults = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
[ctypes setup for libcrypto]
>>> libcrypto.OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG |
... OPENSSL_INIT_ADD_ALL_CIPHERS |
... OPENSSL_INIT_ADD_ALL_DIGESTS, None)
1
>>>
=== End Ubuntu 19.04 ===
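
The comparison from the comment above, written as a Python 3 diagnostic script (an added example, not part of the original comment and not Salt's code). The ctypes setup, which the comment elides, is an assumption here: libcrypto is located with `ctypes.util.find_library`, and the flag values are those defined in OpenSSL 1.1's `<openssl/crypto.h>`.

```python
import ctypes
import ctypes.util
import subprocess
import sys

# Flag values from OpenSSL 1.1's <openssl/crypto.h>.
OPENSSL_INIT_ADD_ALL_CIPHERS = 0x04
OPENSSL_INIT_ADD_ALL_DIGESTS = 0x08
OPENSSL_INIT_NO_LOAD_CONFIG = 0x80
FLAGS = (OPENSSL_INIT_NO_LOAD_CONFIG | OPENSSL_INIT_ADD_ALL_CIPHERS
         | OPENSSL_INIT_ADD_ALL_DIGESTS)


def init_crypto(after_ssl_context):
    """Return OPENSSL_init_crypto()'s result (1 = success, 0 = error),
    or None if libcrypto or the symbol is unavailable."""
    if after_ssl_context:
        import ssl
        ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # Assumption: find_library() resolves to the same libcrypto that
    # Python's _ssl module is linked against.
    name = ctypes.util.find_library("crypto")
    if name is None:
        return None
    try:
        func = ctypes.CDLL(name).OPENSSL_init_crypto
    except (OSError, AttributeError):  # e.g. OpenSSL older than 1.1
        return None
    func.argtypes = [ctypes.c_uint64, ctypes.c_void_p]
    func.restype = ctypes.c_int
    return func(FLAGS, None)


def compare():
    """Probe both cases in fresh interpreters, because OpenSSL's
    initialisation state is per process and cannot be reset."""
    results = {}
    for case in ("0", "1"):
        out = subprocess.run([sys.executable, __file__, case],
                             capture_output=True, text=True, check=True)
        results[case == "1"] = out.stdout.strip()
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # child process: print one probe result
        print(init_crypto(sys.argv[1] == "1"))
    else:
        for with_ssl, result in compare().items():
            print(f"ssl context first={with_ssl}: OPENSSL_init_crypto -> {result}")
```

Run on each release being compared, a `0` only in the `ssl context first=True` row matches the Ubuntu 18.04 behaviour reported above.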