Add FIPS provider option for openssl-devel.
Details
Details
Diff Detail
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
No Lint Coverage - Unit
No Test Coverage - Build Status
Buildable 31264 Build 28910: arc lint + arc unit
Event Timeline
Comment Actions
Bernard,
With OpenSSL 3.0, it includes a FIPS provider and appropriate switches for the build. Thought it would be good to hook this up.
Gordon
Comment Actions
Thanks! The Modules are one of the big changes in 3.0, should've picked that up.
It is now enabled by default, good to make it an option!
Guess we're missing a change to pkg-plist here?
=================================================================== --- pkg-plist (revision 535366) +++ pkg-plist (working copy) @@ -136,7 +136,7 @@ lib/libssl.a %%SHARED%%lib/libssl.so %%SHARED%%lib/libssl.so.%%SHLIBVER%% -%%SHARED%%lib/ossl-modules/fips.so +%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so %%SHARED%%lib/ossl-modules/legacy.so libdata/pkgconfig/libcrypto.pc libdata/pkgconfig/libssl.pc
Comment Actions
Ah yeah. I will admit I didn't actually test installing it as I didn't have a convenient host to test it on.
Gordon
Comment Actions
Per D24274, the KTLS option has an OSVERSION dependency:
OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:}