From 43212128ae6ab58c963f277c7d308f510ddfe201 Mon Sep 17 00:00:00 2001 From: Ken Craig Date: Tue, 4 Jul 2023 14:07:48 -0400 Subject: [PATCH] Consistent with other shell executions, fix to use {{openssl_bin}} and pipefile option in the shell command for getting openssl version number (trailofbits#14558) --- roles/strongswan/tasks/openssl.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml index 83a331fe9..1ffed904b 100644 --- a/roles/strongswan/tasks/openssl.yml +++ b/roles/strongswan/tasks/openssl.yml @@ -160,7 +160,10 @@ manager: auto - name: Get OpenSSL version - shell: openssl version | cut -f 2 -d ' ' + shell: | + set -o pipefail + {{ openssl_bin }} version | + cut -f 2 -d ' ' register: ssl_version run_once: true