Remove getenv(OPENSSL_FIPS) in openssl command #11995
Conversation
This is left over from the past.
|
My concern about this code, is that it might be re-used for the 3.0 FIPS provider, |
|
The configuration file specifies FIPS mode now. It's reasonable for this to go. At the least the message should be changed to say that the environment variable is not supported, use the configuration file instead. |
|
I'm unsure about 1.1.1 for this. |
|
Why, this is no documented behavior, and it plays a prank on the user. |
|
This environment variable was most relevant with the FIPS OpenSSL Module 2.0 (compatible with OpenSSL 1.0.2). The reason we have the error is for users that have upgrade to the 1.1.x series must not be lead to believe that OPENSSL_FIPS still has the meaning they might think. So I see nothing against removing this in 3.0, we have moved far enough from 1.0.2 to simply drop the check. For 1.1.1, I'm just as dubious as @paulidale. |
|
Okay, then I'll add this to my 1.1.1 feature branch #11900 |
|
This pull request is ready to merge |
This is left over from the past. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from #11995)
|
Merged to master as 32df134 |
This is left over from the past.
Checklist