aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/openssl/openssl_plugin.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_plugin.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index fb34a6858..b6d699de2 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -520,13 +520,14 @@ plugin_t *openssl_plugin_create()
fips_mode = lib->settings->get_int(lib->settings,
"libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
#ifdef OPENSSL_FIPS
- if (!FIPS_mode_set(fips_mode))
+ if (fips_mode)
{
- DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
- return NULL;
+ if (!FIPS_mode_set(fips_mode))
+ {
+ DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
+ return NULL;
+ }
}
- DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ",fips_mode,
- fips_mode ? "en" : "dis");
#else
if (fips_mode)
{
@@ -550,6 +551,13 @@ plugin_t *openssl_plugin_create()
OPENSSL_config(NULL);
OpenSSL_add_all_algorithms();
+#ifdef OPENSSL_FIPS
+ /* we do this here as it may have been enabled via openssl.conf */
+ fips_mode = FIPS_mode();
+ DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ", fips_mode,
+ fips_mode ? "en" : "dis");
+#endif /* OPENSSL_FIPS */
+
#ifndef OPENSSL_NO_ENGINE
/* activate support for hardware accelerators */
ENGINE_load_builtin_engines();
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 04:17:26 +0000