OpenSSL: Report -fips in version if OpenSSL is built with FIPS

Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS
define. It uses this define to determine whether to publish -fips at
the end of the version displayed. Applications that utilize the version
reported by OpenSSL will see a mismatch if they compare it to what curl
reports, as curl is not modifying the version in the same way. This
change simply adds a check to see if OPENSSL_FIPS is defined, and will
alter the reported version to match what OpenSSL itself provides. This
only appears to be applicable in versions of OpenSSL <1.1.1

Closes #3771
This commit is contained in:
Ricky Leverence 2019-04-12 11:53:12 -07:00 коммит произвёл Daniel Stenberg
Родитель 191ffd0708
Коммит 3a03e59048
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 5CC908FDB71E12C2
1 изменённых файлов: 5 добавлений и 1 удалений

Просмотреть файл

@ -3826,7 +3826,11 @@ static size_t Curl_ossl_version(char *buffer, size_t size)
sub[0]='\0'; sub[0]='\0';
} }
return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s", return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
#ifdef OPENSSL_FIPS
"-fips"
#endif
,
OSSL_PACKAGE, OSSL_PACKAGE,
(ssleay_value>>28)&0xf, (ssleay_value>>28)&0xf,
(ssleay_value>>20)&0xff, (ssleay_value>>20)&0xff,