diff options
author | Jun Aruga <jaruga@redhat.com> | 2023-03-16 17:19:19 +0100 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-05-19 09:25:10 +0900 |
commit | 741a3bd5a547324be0d267bd77c3f5f2415c8c60 (patch) | |
tree | b64d4876db3f323699481ca2c7b606b9f948d3a0 /test | |
parent | 94a513b08f616e0289f2fb4688659143d85f56ad (diff) |
[ruby/openssl] CI: Add OpenSSL FIPS mode case.
test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl:
I referred to the following document for the openssl config file for FIPS mode.
<https://www.openssl.org/docs/manmaster/man7/fips_module.html>
- Making all applications use the FIPS module by default
It seems that the `.include` syntax only requires the absolute path.
So, the placeholder OPENSSL_DIR in the template file is replaced with the
actual OpenSSL directory.
.github/workflows/test.yml:
The `TEST_RUBY_OPENSSL_FIPS_ENABLED` environment variable is set
in the FIPS mode CI case. It can be used in the unit tests.
https://github.com/ruby/openssl/commit/18b017218c
Diffstat (limited to 'test')
-rw-r--r-- | test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl b/test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl new file mode 100644 index 0000000000..be0768d523 --- /dev/null +++ b/test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl @@ -0,0 +1,19 @@ +config_diagnostics = 1 +openssl_conf = openssl_init + +# It seems that the .include needs an absolute path. +.include OPENSSL_DIR/ssl/fipsmodule.cnf + +[openssl_init] +providers = provider_sect +alg_section = algorithm_sect + +[provider_sect] +fips = fips_sect +base = base_sect + +[base_sect] +activate = 1 + +[algorithm_sect] +default_properties = fips=yes |