diff options
author | Ricky Leverence <rleverence@godaddy.com> | 2019-04-12 11:53:12 -0700 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-05-08 09:30:15 +0200 |
commit | 3a03e59048d6b3e62f56baf4b4bd0cba5f26fe17 (patch) | |
tree | adacfa8990946888d916cc02e5e8a3cf86fd6583 | |
parent | 191ffd07082322cdfd4ca4581f39160166534405 (diff) |
OpenSSL: Report -fips in version if OpenSSL is built with FIPS
Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS
define. It uses this define to determine whether to publish -fips at
the end of the version displayed. Applications that utilize the version
reported by OpenSSL will see a mismatch if they compare it to what curl
reports, as curl is not modifying the version in the same way. This
change simply adds a check to see if OPENSSL_FIPS is defined, and will
alter the reported version to match what OpenSSL itself provides. This
only appears to be applicable in versions of OpenSSL <1.1.1
Closes #3771
-rw-r--r-- | lib/vtls/openssl.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index e50f929ef..9b1b5d3be 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3826,7 +3826,11 @@ static size_t Curl_ossl_version(char *buffer, size_t size) sub[0]='\0'; } - return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s", + return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s" +#ifdef OPENSSL_FIPS + "-fips" +#endif + , OSSL_PACKAGE, (ssleay_value>>28)&0xf, (ssleay_value>>20)&0xff, |