openssl: Don't re-enter FIPS mode if we are already using it
If FIPS mode has been enabled by other means, under some environments it can't be entered again. It fails with "FIPS mode already set". To avoid it, we first check the mode before changing it.
This commit is contained in:
parent
549502bcb2
commit
d34d800c6c
|
@ -526,9 +526,10 @@ plugin_t *openssl_plugin_create()
|
|||
#ifdef OPENSSL_FIPS
|
||||
if (fips_mode)
|
||||
{
|
||||
if (!FIPS_mode_set(fips_mode))
|
||||
if (FIPS_mode() != fips_mode && !FIPS_mode_set(fips_mode))
|
||||
{
|
||||
DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
|
||||
DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d) from (%d)",
|
||||
fips_mode, FIPS_mode());
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue