summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CMakeLists.txt11
-rw-r--r--config.h.in1
-rw-r--r--src/libutil/util.c4
3 files changed, 16 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 29986a740..a41dd8abb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -331,8 +331,19 @@ CHECK_SYMBOL_EXISTS(I_SETSIG "sys/types.h;sys/ioctl.h" HAVE_SETSIG)
CHECK_SYMBOL_EXISTS(O_ASYNC "sys/types.h;sys/fcntl.h" HAVE_OASYNC)
CHECK_SYMBOL_EXISTS(O_NOFOLLOW "sys/types.h;sys/fcntl.h" HAVE_ONOFOLLOW)
CHECK_SYMBOL_EXISTS(O_CLOEXEC "sys/types.h;sys/fcntl.h" HAVE_OCLOEXEC)
+
+# OpenSSL specific stuff
LIST(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSL_INCLUDE}")
+IF(LIBCRYPT_LIBRARY_PATH)
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBCRYPT_LIBRARY_PATH};${LIBCRYPT_LIBRARY}")
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBSSL_LIBRARY_PATH};${LIBSSL_LIBRARY}")
+ELSE()
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lcrypt;-lssl")
+ENDIF()
+
CHECK_SYMBOL_EXISTS(SSL_set_tlsext_host_name "openssl/ssl.h" HAVE_SSL_TLSEXT_HOSTNAME)
+CHECK_SYMBOL_EXISTS(FIPS_mode "openssl/crypto.h" HAVE_FIPS_MODE)
+
CHECK_SYMBOL_EXISTS(dirfd "sys/types.h;unistd.h;dirent.h" HAVE_DIRFD)
CHECK_SYMBOL_EXISTS(fpathconf "sys/types.h;unistd.h" HAVE_FPATHCONF)
CHECK_SYMBOL_EXISTS(sigaltstack "signal.h" HAVE_SIGALTSTACK)
diff --git a/config.h.in b/config.h.in
index c2d73a0a9..b3aefd980 100644
--- a/config.h.in
+++ b/config.h.in
@@ -32,6 +32,7 @@
#cmakedefine HAVE_FCNTL_H 1
#cmakedefine HAVE_FDATASYNC 1
#cmakedefine HAVE_FETCH_H 1
+#cmakedefine HAVE_FIPS_MODE 1
#cmakedefine HAVE_FLOCK 1
#cmakedefine HAVE_FPATHCONF 1
#cmakedefine HAVE_GETPAGESIZE 1
diff --git a/src/libutil/util.c b/src/libutil/util.c
index 3256becb9..119082964 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2484,6 +2484,7 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
}
if (cfg->fips_mode) {
+#ifdef HAVE_FIPS_MODE
int mode = FIPS_mode ();
unsigned long err = (unsigned long)-1;
@@ -2505,6 +2506,9 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
else {
msg_info_config ("OpenSSL FIPS mode is enabled");
}
+#else
+ msg_warn_config ("SSL FIPS mode is enabled but not supported by OpenSSL library!");
+#endif
}
if (cfg->ssl_ca_path) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-20 18:25:27 +0000