From 65d55124245eaccdb1ae71544a8ccb2581569288 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <xnox@ubuntu.com>
Date: Thu, 7 Feb 2019 13:57:12 +0000
Subject: [PATCH] xenapi/agent: whitelist deprecated warnings from OpenSSL
 1.1.1+

Bug: https://bugs.launchpad.net/nova/+bug/1771506
---
 nova/virt/xenapi/agent.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nova/virt/xenapi/agent.py b/nova/virt/xenapi/agent.py
index d5f060af5d..3c97915adb 100644
--- a/nova/virt/xenapi/agent.py
+++ b/nova/virt/xenapi/agent.py
@@ -51,6 +51,10 @@ SKIP_FILES_AT_BOOT_SM_KEY = utils.SM_IMAGE_PROP_PREFIX \
 LOG = logging.getLogger(__name__)
 CONF = nova.conf.CONF
 
+_WHITELIST_OPENSSL_ERRORS = (
+    # OpenSSL 1.1.1+ warns about deprecated key derivation, despite encryption/decryption working
+    '*** WARNING : deprecated key derivation used.\nUsing -iter or -pbkdf2 would be better.\n',
+    )
 
 def _call_agent(session, instance, vm_ref, method, addl_args=None,
                 timeout=None, success_codes=None):
@@ -424,7 +428,7 @@ class SimpleDH(object):
             cmd.append('-d')
         out, err = processutils.execute(
             *cmd, process_input=encodeutils.safe_encode(text))
-        if err:
+        if err and err not in _WHITELIST_OPENSSL_ERRORS:
             raise RuntimeError(_('OpenSSL error: %s') % err)
         return out
 
-- 
2.20.1