From b7d979b5f7d28114050d1cdc43f39e6e83bd80d5 Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Thu, 12 Oct 2023 13:52:59 +0200 Subject: [PATCH] disable fips options Signed-off-by: rpm-build --- src/crypto/crypto_util.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc index 59ae7f8..7343396 100644 --- a/src/crypto/crypto_util.cc +++ b/src/crypto/crypto_util.cc @@ -111,6 +111,8 @@ bool ProcessFipsOptions() { /* Override FIPS settings in configuration file, if needed. */ if (per_process::cli_options->enable_fips_crypto || per_process::cli_options->force_fips_crypto) { + fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n"); + return false; #if OPENSSL_VERSION_MAJOR >= 3 OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips"); if (fips_provider == nullptr) -- 2.44.0