authorDan Fandrich <dan@coneharvesters.com>2014-02-10 20:44:28 +0100
committerDan Fandrich <dan@coneharvesters.com>2014-02-10 21:56:20 +0100
commit3a0d1bebba5969fb91ecfb40c27ca95eb2357f45 (patch)
tree5fb5cb0dedf99b8479d261df40d9f39d668f2422
parent909a68c1216b6ea5dbeceaedecec16a0599793d1 (diff)
secureserver: Only set stunnel FIPS option when available
It seems the fips config option causes an error if FIPS mode was not enabled at stunnel compile-time. FIPS support was disabled by default in stunnel 5.00, so this is probably really only needed on versions between 4.32 and 5.00.
-rwxr-xr-xtests/secureserver.pl11
1 files changed, 8 insertions, 3 deletions
diff --git a/tests/secureserver.pl b/tests/secureserver.pl
index 66f891f71..4b7a23b61 100755
--- a/tests/secureserver.pl
+++ b/tests/secureserver.pl
@@ -50,6 +50,7 @@ my $stuncert;
my $ver_major;
my $ver_minor;
+my $fips_support;
my $stunnel_version;
my $socketopt;
my $cmd;
@@ -189,7 +190,11 @@ foreach my $veropt (('-version', '-V')) {
if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
$ver_major = $1;
$ver_minor = $2;
- last;
+ }
+ elsif($verstr =~ /^sslVersion.*fips *= *yes/) {
+ # the fips option causes an error if stunnel doesn't support it
+ $fips_support = 1;
+ last
}
}
last if($ver_major);
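Review bot: The FIPS detection in the new `elsif` depends on one exact line shape in the version output (a line starting with `sslVersion` that contains `fips = yes`), and nothing records when that line is missing, so a change in stunnel's wording would silently drop `fips = no` from the generated config. I would make the comment name the line being matched, for example `# a "fips = yes" note on the sslVersion line means this stunnel accepts the fips option; passing it otherwise is an error`, and write the statement as `last;` like the other loop exits here. Since this `last` now fires only on the FIPS line, builds without that line scan the whole output, which is harmless but differs from the old early exit. The enclosing loop over the output lines starts outside the hunk.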
@@ -253,7 +258,8 @@ if($stunnel_version >= 400) {
cert = $certfile
debug = $loglevel
socket = $socketopt";
- if($stunnel_version >= 500) {
+ if($fips_support) {
+ # disable fips in case OpenSSL doesn't support it
print STUNCONF "
fips = no";
}
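Review bot: With the write now conditional on `$fips_support`, the generated config and the settings printed further down can disagree, because the last hunk of this commit removes `print "fips = no\n";` outright, so a `fips = no` that is written to the config no longer appears in what looks like the verbose echo of those settings. Printing it under the same condition keeps the two in step: `print "fips = no\n" if($fips_support);`. The new comment could also state that FIPS mode is switched off for the test server on purpose, since "in case OpenSSL doesn't support it" reads like a compatibility workaround rather than a deliberate choice for the test harness. The enclosing `if($stunnel_version >= 400)` block starts and ends outside the hunk.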
@@ -283,7 +289,6 @@ if($stunnel_version >= 400) {
print "cert = $certfile\n";
print "pid = $pidfile\n";
print "debug = $loglevel\n";
- print "fips = no\n";
print "socket = $socketopt\n";
print "output = $logfile\n";
print "foreground = yes\n";