diff options
author | Antonio Quartulli | 2022-02-03 20:36:55 +0100 |
---|---|---|
committer | Gert Doering | 2022-02-04 12:11:48 +0100 |
commit | 2914444e7cd514eb03e6cd7949e5219557710ae8 (patch) | |
tree | 4f460fb8d817e2fa2ad44d398fbbaf4897806fef /sample/sample-keys/ca.crt | |
parent | 2d822550ad990fbd498523fb1ab62ca19b3bb93c (diff) | |
download | openvpn-2914444e7cd514eb03e6cd7949e5219557710ae8.zip openvpn-2914444e7cd514eb03e6cd7949e5219557710ae8.tar.gz |
crypto: move OpenSSL specific FIPS check to its backend
Our crypto API already provides a function performing a validity check
on the specified ciphername. The OpenSSL counterpart also checks for the
cipher being FIPS-enabled.
This API is cipher_valid(). Extend it so that it can provide a reason
whenever the cipher is not valid and use it in crypto.c.
This way we move any OpenSSL specific bit to its own
backend and directly use the new cipher_valid_reason() API in the
generic code.
This patch fixes compilations with mbedTLS when some OpenSSL is also
installed. The issue was introduced with:
544330fe ("crypto: Fix OPENSSL_FIPS enabled builds")
Cc: David Sommerseth <davids@openvpn.net>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20220203193655.28791-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23714.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'sample/sample-keys/ca.crt')
0 files changed, 0 insertions, 0 deletions