Add FIPS provider option for openssl-devel.
Details
Details
Diff Detail
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Bernard,
With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.
Gordon
Comment Actions
Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?
=================================================================== --- pkg-plist (revision 535366) +++ pkg-plist (working copy) @@ -136,7 +136,7 @@ lib/libssl.a %%SHARED%%lib/libssl.so %%SHARED%%lib/libssl.so.%%SHLIBVER%% -%%SHARED%%lib/ossl-modules/fips.so +%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so %%SHARED%%lib/ossl-modules/legacy.so libdata/pkgconfig/libcrypto.pc libdata/pkgconfig/libssl.pc
Comment Actions
Ah yeah. I will admit I didn't actually test installing it as I didn't have a convenient host to test it on.
Gordon
Comment Actions
Per D24274, the KTLS option has an OSVERSION dependency:
OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:}