--- /dev/null
+diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
+--- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100
++++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100
+@@ -5,6 +5,35 @@
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
++ WARNING
++ -------
++
++ This version of OpenSSL is built in a way that supports operation in
++ the so called FIPS mode. Note though that the library as we build it
++ is not FIPS validated and the FIPS mode is present for testing purposes
++ only.
++
++ This version also contains a few differences from the upstream code
++ some of which are:
++ * There are added changes forward ported from the upstream OpenSSL
++ 0.9.8 FIPS branch however the FIPS integrity verification check
++ is implemented differently from the upstream FIPS validated OpenSSL
++ module. It verifies HMAC-SHA256 checksum of the whole shared
++ libraries. For this reason the changes are ported to files in the
++ crypto directory and not in a separate fips subdirectory. Also
++ note that the FIPS integrity verification check requires unmodified
++ libcrypto and libssl shared library files which means that it will
++ fail if these files are modified for example by prelink.
++ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
++ tries to initialize the FIPS mode if it is set to 1 aborting if the
++ FIPS mode could not be initialized. It is also possible to force the
++ OpenSSL library to FIPS mode especially for debugging purposes by
++ setting the environment variable OPENSSL_FORCE_FIPS_MODE.
++ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
++ will not automatically load the built in compression method ZLIB
++ when initialized. Applications can still explicitely ask for ZLIB
++ compression method.
++
+ DESCRIPTION
+ -----------
+
projects / ipfire-3.x.git / blobdiff