Skip to content

Commit

Permalink
[ruby/openssl] CI: Add OpenSSL FIPS mode case.
Browse files Browse the repository at this point in the history 
test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl:

I referred to the following document for the openssl config file for FIPS mode.
<https://www.openssl.org/docs/manmaster/man7/fips_module.html>
- Making all applications use the FIPS module by default

It seems that the `.include` syntax only requires the absolute path.
So, the placeholder OPENSSL_DIR in the template file is replaced with the
actual OpenSSL directory.

.github/workflows/test.yml:

The `TEST_RUBY_OPENSSL_FIPS_ENABLED` environment variable is set
in the FIPS mode CI case. It can be used in the unit tests.

ruby/openssl@18b017218c
  • Loading branch information
@junaruga @hsbt
junaruga authored and hsbt committed May 19, 2023
1 parent 94a513b commit 741a3bd
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl
View file
@@ -0,0 +1,19 @@
config_diagnostics = 1
openssl_conf = openssl_init

# It seems that the .include needs an absolute path.
.include OPENSSL_DIR/ssl/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
base = base_sect

[base_sect]
activate = 1

[algorithm_sect]
default_properties = fips=yes

0 comments on commit 741a3bd

Please sign in to comment.