Unverified Commit 3a03e590 authored by Ricky Leverence's avatar Ricky Leverence Committed by Daniel Stenberg
Browse files

OpenSSL: Report -fips in version if OpenSSL is built with FIPS 

Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS
define. It uses this define to determine whether to publish -fips at
the end of the version displayed. Applications that utilize the version
reported by OpenSSL will see a mismatch if they compare it to what curl
reports, as curl is not modifying the version in the same way. This
change simply adds a check to see if OPENSSL_FIPS is defined, and will
alter the reported version to match what OpenSSL itself provides. This
only appears to be applicable in versions of OpenSSL <1.1.1

Closes #3771
parent 191ffd07

lib/vtls/openssl.c

+5 −1
Original line number Diff line number Diff line
@@ -3826,7 +3826,11 @@ static size_t Curl_ossl_version(char *buffer, size_t size) 
      sub[0]='\0';

  }



  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s",

  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"

#ifdef OPENSSL_FIPS

                   "-fips"

#endif

                   ,

                   OSSL_PACKAGE,

                   (ssleay_value>>28)&0xf,

                   (ssleay_value>>20)&0xff,