From: William Lallemand
Date: Thu, 12 Dec 2024 10:37:42 +0000 (+0100)
Subject: MINOR: ssl: add "FIPS" details in haproxy -vv
X-Git-Tag: v3.2-dev2~93
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f97ffb9ec4c7f1158d30e54b99842773861eaeac;p=thirdparty%2Fhaproxy.git

MINOR: ssl: add "FIPS" details in haproxy -vv

Add the FIPS mode in haproxy -vv; it needs to be activated on the system with openssl.cnf or by compiling the SSL library with the right options. Can't work with OpenSSL >= 3.0 because FIPS is a "provider" to load; works with AWS-LC, WolfSSL and OpenSSL 1.1.1.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 7ec5bf15dd..cb03367df6 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7071,7 +7071,9 @@ static void ssl_register_build_options() #endif #endif "", ptr); - +#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL) + memprintf(&ptr, "%s\nOpenSSL library FIPS mode : %s", ptr, FIPS_mode() ? "yes" : "no"); +#endif memprintf(&ptr, "%s\nOpenSSL library supports :", ptr); for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++) if (methodVersions[i].option)
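Review bot: with the `HA_OPENSSL_VERSION_NUMBER < 0x3000000fL` guard on the added `#if`, a build against OpenSSL >= 3.0 prints no "FIPS mode" line at all in `haproxy -vv`, so an operator comparing output across hosts cannot tell "FIPS off" from "not reported". Consider an `#else` branch that prints an explicit value such as "unknown (provider-based)", or that queries the 3.x API (`EVP_default_properties_is_fips_enabled(NULL)` or `OSSL_PROVIDER_available(NULL, "fips")`) so the line is always present. Two smaller points on the same lines: the commit message says this also covers AWS-LC and WolfSSL, but nothing in the guard shows why those libraries fall under the version test, so a short comment above the `#if` would help the next reader. Also, `FIPS_mode()` is a runtime query placed in `ssl_register_build_options()`, and since the message names openssl.cnf as one activation route, it is worth confirming the library configuration has been loaded by the time this runs, otherwise the line can read "no" on a system that later operates in FIPS mode.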