[Openswan dev] _realsetup fipscheck stuff
tis at foobar.fi
Mon Jul 13 03:58:44 EDT 2009
I think this fipscheck stuff in _realsetup is wrong now. fipscheck
binary calls are run if system fips is enabled (proc has fips enabled).
But what if you want non-nss version of openswan on fips enabled system.
Now _realsetup has fipscheck calls even when openswan is compiled
without USE_LIBNSS and USE_FIPSCHECK.
Compile without USE_FIPSCHECK should mean no fipscheck calls in _realsetup.
What's correct fix? I don't know. Should we have _realsetup.fipscheck
which get run by _realsetup if _realsetup was compiled with fipscheck
enabled or is there possibility to add fipscheck parts of _realsetup.in
to _realsetup only if USE_FIPSCHECK was enabled on compile time?
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Dev