[Openswan dev] _realsetup fipscheck stuff
paul at xelerance.com
Mon Jul 13 05:32:15 EDT 2009
On Mon, 13 Jul 2009, Tuomo Soini wrote:
> But what if you want a non-nss version of openswan on a fips enabled system?
The whole point is that you cannot. Because the "you want" is undistinguishable
from "some exploit wants". It's supposed to protect you....
> Now _realsetup has fipscheck calls even when openswan is compiled
> without USE_LIBNSS and USE_FIPSCHECK.
> Compile without USE_FIPSCHECK should mean no fipscheck calls in _realsetup.
That indeed should get fixed.