From: Pauli <pauli@openssl.org>
Date: Mon, 17 Apr 2023 05:39:24 +0000 (+1000)
Subject: doc: document the -pedantic option to fipsinstall.
X-Git-Tag: openssl-3.2.0-alpha1~994
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d30fec6ff438f73f4e255b0b9c6af3ea57ec122a;p=thirdparty%2Fopenssl.git

doc: document the -pedantic option to fipsinstall.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
---

diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index e3ceeb481c7..eab19385f09 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -19,6 +19,7 @@ B<openssl fipsinstall>
 [B<-macopt> I<nm>:I<v>]
 [B<-noout>]
 [B<-quiet>]
+[B<-pedantic>]
 [B<-no_conditional_errors>]
 [B<-no_security_checks>]
 [B<-ems_check>]
@@ -158,6 +159,14 @@ The default digest is SHA-256.
 
 Disable logging of the self tests.
 
+=item B<-pedantic>
+
+Configure the module so that it is strictly FIPS compliant rather
+than being backwards compatible.  This enables conditional errors,
+security checks etc.  Note that any previous configuration options will
+be overwritten and any subsequent configuration options that violate
+FIPS compliance will result in an error.
+
 =item B<-no_conditional_errors>
 
 Configure the module to not enter an error state if a conditional self test