#include <string.h>
#include <unistd.h>
+#include <openssl/opensslv.h>
+
#include <isc/fips.h>
#include <isc/md.h>
#include <isc/net.h>
fprintf(stderr, "\t--enable-querytrace\n");
fprintf(stderr, "\t--gethostname\n");
fprintf(stderr, "\t--gssapi\n");
+ fprintf(stderr, "\t--have-fips-dh\n");
fprintf(stderr, "\t--have-fips-mode\n");
fprintf(stderr, "\t--have-geoip2\n");
fprintf(stderr, "\t--have-json-c\n");
#endif /* HAVE_GSSAPI */
}
+ if (strcmp(argv[1], "--have-fips-dh") == 0) {
+#if defined(ENABLE_FIPS_MODE)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ return (0);
+#else
+ return (1);
+#endif
+#else
+ if (isc_fips_mode()) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ return (0);
+#else
+ return (1);
+#endif
+ }
+ return (0);
+#endif
+ }
+
if (strcmp(argv[1], "--have-fips-mode") == 0) {
#if defined(ENABLE_FIPS_MODE)
return (0);