OpenSSL: Report -fips in version if OpenSSL is built with FIPS

Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS define. It uses this define to determine whether to publish -fips at the end of the version displayed. Applications that utilize the version reported by OpenSSL will see a mismatch if they compare it to what curl reports, as curl is not modifying the version in the same way. This change simply adds a check to see if OPENSSL_FIPS is defined, and will alter the reported version to match what OpenSSL itself provides. This only appears to be applicable in versions of OpenSSL <1.1.1 Closes #3771
author: Ricky Leverence <rleverence@godaddy.com> 2019-04-12 11:53:12 -0700
committer: Daniel Stenberg <daniel@haxx.se> 2019-05-08 09:30:15 +0200
commit: 3a03e59048d6b3e62f56baf4b4bd0cba5f26fe17 (patch)
tree: adacfa8990946888d916cc02e5e8a3cf86fd6583
parent: 191ffd07082322cdfd4ca4581f39160166534405 (diff)
download: curl-3a03e59048d6b3e62f56baf4b4bd0cba5f26fe17.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index e50f929ef..9b1b5d3be 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3826,7 +3826,11 @@ static size_t Curl_ossl_version(char *buffer, size_t size)
       sub[0]='\0';
   }
 
-  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s",
+  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
+#ifdef OPENSSL_FIPS
+                   "-fips"
+#endif
+                   ,
                    OSSL_PACKAGE,
                    (ssleay_value>>28)&0xf,
                    (ssleay_value>>20)&0xff,
author	Ricky Leverence <rleverence@godaddy.com>	2019-04-12 11:53:12 -0700
committer	Daniel Stenberg <daniel@haxx.se>	2019-05-08 09:30:15 +0200
commit	3a03e59048d6b3e62f56baf4b4bd0cba5f26fe17 (patch)
tree	adacfa8990946888d916cc02e5e8a3cf86fd6583
parent	191ffd07082322cdfd4ca4581f39160166534405 (diff)
download	curl-3a03e59048d6b3e62f56baf4b4bd0cba5f26fe17.tar.gz