author | Dan Fandrich <dan@coneharvesters.com> | 2014-02-10 20:44:28 +0100 |
---|---|---|
committer | Dan Fandrich <dan@coneharvesters.com> | 2014-02-10 21:56:20 +0100 |
commit | 3a0d1bebba5969fb91ecfb40c27ca95eb2357f45 (patch) | |
tree | 5fb5cb0dedf99b8479d261df40d9f39d668f2422 /tests | |
parent | 909a68c1216b6ea5dbeceaedecec16a0599793d1 (diff) |
secureserver: Only set stunnel FIPS option when available
It seems the fips config option causes an error if FIPS mode was
not enabled at stunnel compile-time. FIPS support was disabled
by default in stunnel 5.00, so this is probably really only needed
on versions between 4.32 and 5.00.
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/secureserver.pl | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/tests/secureserver.pl b/tests/secureserver.pl index 66f891f71..4b7a23b61 100755 --- a/tests/secureserver.pl +++ b/tests/secureserver.pl @@ -50,6 +50,7 @@ my $stuncert; my $ver_major; my $ver_minor; +my $fips_support; my $stunnel_version; my $socketopt; my $cmd; @@ -189,7 +190,11 @@ foreach my $veropt (('-version', '-V')) { if($verstr =~ /^stunnel (\d+)\.(\d+) on /) { $ver_major = $1; $ver_minor = $2; - last; + } + elsif($verstr =~ /^sslVersion.*fips *= *yes/) { + # the fips option causes an error if stunnel doesn't support it + $fips_support = 1; + last } } last if($ver_major); @@ -253,7 +258,8 @@ if($stunnel_version >= 400) { cert = $certfile debug = $loglevel socket = $socketopt"; - if($stunnel_version >= 500) { + if($fips_support) { + # disable fips in case OpenSSL doesn't support it print STUNCONF " fips = no"; } @@ -283,7 +289,6 @@ if($stunnel_version >= 400) { print "cert = $certfile\n"; print "pid = $pidfile\n"; print "debug = $loglevel\n"; - print "fips = no\n"; print "socket = $socketopt\n"; print "output = $logfile\n"; print "foreground = yes\n"; |
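Review bot: In the `-189,7 +190,11` hunk, `$fips_support` depends entirely on a line of the `-version` output matching `/^sslVersion.*fips *= *yes/`, and nothing records or reports when that line is absent. If a FIPS-capable stunnel prints that setting in another form, the flag stays unset, `fips = no` is never written, and the test server runs with whatever FIPS default the build has. I would state that dependency next to the pattern, e.g. `# relies on the sslVersion line of the version output containing "fips = yes"`, and consider logging the detected value under `$verbose`. The new `last` is also missing its semicolon; `last;` matches the rest of the file. The enclosing `foreach` starts before the hunk and ends after it.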
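Review bot: After the `-253,7 +258,8` hunk the file written to `STUNCONF` can contain `fips = no`, but the `print "cert = $certfile\n";` run in the last hunk, which appears to echo the same configuration for debugging, no longer mentions fips at all. Printing the line under the same condition keeps the logged copy faithful to what stunnel actually reads: `print "fips = no\n" if($fips_support);`. The two new comments also disagree on which component lacks support ("if stunnel doesn't support it" versus "in case OpenSSL doesn't support it"), so one wording should be used for both. The enclosing `if($stunnel_version >= 400)` block starts and ends outside the hunk.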