From 4fce754f9b603664501ac4ee982988fb264d20f2 Mon Sep 17 00:00:00 2001
From: emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 20 Dec 2012 07:00:11 +0000
Subject: * ext/openssl/ossl.c: do not use FIPS_mode_set if not available. *
 test/openssl/utils.rb: revise comment about setting FIPS mode to   false. *
 test/openssl/test_fips.rb: remove tests that cause errors on   ruby-ci.  
 [Feature #6946] [ruby-core:47345]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ext/openssl/ossl.c')

diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 9d14ca6110..1fae594028 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -440,6 +440,8 @@ ossl_debug_set(VALUE self, VALUE val)
 static VALUE
 ossl_fips_mode_set(VALUE self, VALUE enabled)
 {
+
+#ifdef HAVE_OPENSSL_FIPS
     if RTEST(enabled) {
 	int mode = FIPS_mode();
 	if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
@@ -449,6 +451,11 @@ ossl_fips_mode_set(VALUE self, VALUE enabled)
 	    ossl_raise(eOSSLError, "Turning off FIPS mode failed");
     }
     return enabled;
+#else
+    if RTEST(enabled)
+	ossl_raise(eOSSLError, "This version of OpenSSL does not support FIPS mode");
+    return enabled;
+#endif
 }
 
 /*
-- 
cgit v1.2.3