OpenSSL: Report -fips in version if OpenSSL is built with FIPS
Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS define. It uses this define to determine whether to publish -fips at the end of the version displayed. Applications that utilize the version reported by OpenSSL will see a mismatch if they compare it to what curl reports, as curl is not modifying the version in the same way. This change simply adds a check to see if OPENSSL_FIPS is defined, and will alter the reported version to match what OpenSSL itself provides. This only appears to be applicable in versions of OpenSSL <1.1.1 Closes #3771
This commit is contained in:
Родитель
191ffd0708
Коммит
3a03e59048
|
@ -3826,7 +3826,11 @@ static size_t Curl_ossl_version(char *buffer, size_t size)
|
||||||
sub[0]='\0';
|
sub[0]='\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s",
|
return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
"-fips"
|
||||||
|
#endif
|
||||||
|
,
|
||||||
OSSL_PACKAGE,
|
OSSL_PACKAGE,
|
||||||
(ssleay_value>>28)&0xf,
|
(ssleay_value>>28)&0xf,
|
||||||
(ssleay_value>>20)&0xff,
|
(ssleay_value>>20)&0xff,
|
||||||
|
|
Загрузка…
Ссылка в новой задаче