For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA

method which stops FIPS mode working.
author: Dr. Stephen Henson <steve@openssl.org> 2011-10-13 11:43:44 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-10-13 11:43:44 +0000
commit: 2461396f69e931c42895b92ab68f840356bcfe4d (patch)
tree: aa6ac3f286f0326bc38c77503dbf0d3aea17dcea /Configure
parent: 81a071df2f176e6b2f6147e451343831955ab5ed (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/Configure b/Configure
index 297392daf6..1818113cbc 100755
--- a/Configure
+++ b/Configure
@@ -961,6 +961,12 @@ if ($fips && $fipslibdir eq "")
 	$fipslibdir = $fipsdir . "/lib/";
 	}
 
+# RSAX ENGINE sets default non-FIPS RSA method.
+if ($fips)
+	{
+	$disabled{"rsax"} = "forced";
+	}
+
 # SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
 if (defined($disabled{"md5"}) || defined($disabled{"sha"})
     || (defined($disabled{"rsa"})
author	Dr. Stephen Henson <steve@openssl.org>	2011-10-13 11:43:44 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-10-13 11:43:44 +0000
commit	2461396f69e931c42895b92ab68f840356bcfe4d (patch)
tree	aa6ac3f286f0326bc38c77503dbf0d3aea17dcea /Configure
parent	81a071df2f176e6b2f6147e451343831955ab5ed (diff)