Commit 3a0d1beb authored by Dan Fandrich's avatar Dan Fandrich

secureserver: Only set stunnel FIPS option when available

It seems the fips config option causes an error if FIPS mode was
not enabled at stunnel compile-time.  FIPS support was disabled
by default in stunnel 5.00, so this is probably really only needed
on versions between 4.32 and 5.00.
parent 909a68c1
+8 −3
@@ -50,6 +50,7 @@ my $stuncert;

my $ver_major;
my $ver_minor;
my $fips_support;
my $stunnel_version;
my $socketopt;
my $cmd;
@@ -189,7 +190,11 @@ foreach my $veropt (('-version', '-V')) {
        if($verstr =~ /^stunnel (\d+)\.(\d+) on /) {
            $ver_major = $1;
            $ver_minor = $2;
            last;
        }
        elsif($verstr =~ /^sslVersion.*fips *= *yes/) {
            # the fips option causes an error if stunnel doesn't support it
            $fips_support = 1;
            last
        }
    }
    last if($ver_major);
@@ -253,7 +258,8 @@ if($stunnel_version >= 400) {
            cert = $certfile
            debug = $loglevel
            socket = $socketopt";
        if($stunnel_version >= 500) {
        if($fips_support) {
            # disable fips in case OpenSSL doesn't support it
            print STUNCONF "
            fips = no";
        }
@@ -283,7 +289,6 @@ if($stunnel_version >= 400) {
        print "cert = $certfile\n";
        print "pid = $pidfile\n";
        print "debug = $loglevel\n";
        print "fips = no\n";
        print "socket = $socketopt\n";
        print "output = $logfile\n";
        print "foreground = yes\n";
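Review bot: The verbose config dump in the last hunk no longer prints any `fips` line, while the stunnel.conf written in the hunk before it still gets `fips = no` whenever `$fips_support` is set, so the dump stops matching the file stunnel actually reads. Making the print conditional keeps the two in step: `print "fips = no\n" if($fips_support);`. Separately, `$fips_support` is set only when a line of the version output matches `/^sslVersion.*fips *= *yes/`. If a build reports its FIPS setting in a different form, the option is silently left out and stunnel keeps its compiled-in FIPS default, so a short comment beside the regex naming the output format it was written against would help. The enclosing `if($stunnel_version >= 400)` block starts and ends outside these hunks.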