nodejs/0002-disable-fips-options.patch

27 lines
1.1 KiB
Diff
Raw Permalink Normal View History

From b7d979b5f7d28114050d1cdc43f39e6e83bd80d5 Mon Sep 17 00:00:00 2001
From: Honza Horak <hhorak@redhat.com>
Date: Thu, 12 Oct 2023 13:52:59 +0200
Subject: [PATCH] disable fips options
Signed-off-by: rpm-build <rpm-build>
---
src/crypto/crypto_util.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 59ae7f8..7343396 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -111,6 +111,8 @@ bool ProcessFipsOptions() {
/* Override FIPS settings in configuration file, if needed. */
if (per_process::cli_options->enable_fips_crypto ||
per_process::cli_options->force_fips_crypto) {
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
+ return false;
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
if (fips_provider == nullptr)
--
2.44.0