From 741a3bd5a547324be0d267bd77c3f5f2415c8c60 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Thu, 16 Mar 2023 17:19:19 +0100
Subject: [ruby/openssl] CI: Add OpenSSL FIPS mode case.

test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl:

I referred to the following document for the openssl config file for FIPS mode.
<https://www.openssl.org/docs/manmaster/man7/fips_module.html>
- Making all applications use the FIPS module by default

It seems that the `.include` syntax only requires the absolute path.
So, the placeholder OPENSSL_DIR in the template file is replaced with the
actual OpenSSL directory.

.github/workflows/test.yml:

The `TEST_RUBY_OPENSSL_FIPS_ENABLED` environment variable is set
in the FIPS mode CI case. It can be used in the unit tests.

https://github.com/ruby/openssl/commit/18b017218c
---
 test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl

(limited to 'test')

diff --git a/test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl b/test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl
new file mode 100644
index 0000000000..be0768d523
--- /dev/null
+++ b/test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl
@@ -0,0 +1,19 @@
+config_diagnostics = 1
+openssl_conf = openssl_init
+
+# It seems that the .include needs an absolute path.
+.include OPENSSL_DIR/ssl/fipsmodule.cnf
+
+[openssl_init]
+providers = provider_sect
+alg_section = algorithm_sect
+
+[provider_sect]
+fips = fips_sect
+base = base_sect
+
+[base_sect]
+activate = 1
+
+[algorithm_sect]
+default_properties = fips=yes
-- 
cgit v1.2.3