authorDaniel Bevenius <daniel.bevenius@gmail.com>2019-01-09 11:54:08 +0100
committerDaniel Bevenius <daniel.bevenius@gmail.com>2019-01-17 05:25:36 +0100
commit7e7266a80325fb10616f3a4cf885fb40b49c9352 (patch)
tree842a17dba3421b3251c90cb67bbc95f6363a7d5a
parentb7bbd871afb7e0bc02b92ebdbd785371439e5295 (diff)
build: introduce --openssl-is-fips flag
This commit introduces a new configuration flag named --openssl-is-fips which is intended to be used when linking against an OpenSSL library that is FIPS compatible. The motivation for this is that Red Hat Enterprise Linux 8 (RHEL8) comes with OpenSSL 1.1.1 and includes FIPS support, and we would like to be able to dynamically link against this version and also have FIPS features enabled in node, as would be done when statically linking and using the --openssl-fips flag. The suggestion here is to introduce a new flag: $ ./configure --help ... --openssl-is-fips specifies that the shared OpenSSL version is FIPS compatible This flag could be used in combination with the shared-openssl flag: $ ./configure --shared-openssl --openssl-is-fips This will enable FIPS support in node and the runtime flags will be available to enable FIPS (--enable-fips, --force-fips). PR-URL: https://github.com/nodejs/node/pull/25412 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
-rwxr-xr-xconfigure.py6
-rw-r--r--node.gypi2
2 files changed, 7 insertions, 1 deletions
diff --git a/configure.py b/configure.py
index 90630f7bd0..8cb4c58c21 100755
--- a/configure.py
+++ b/configure.py
@@ -173,6 +173,11 @@ parser.add_option('--openssl-fips',
dest='openssl_fips',
help='Build OpenSSL using FIPS canister .o file in supplied folder')
+parser.add_option('--openssl-is-fips',
+ action='store_true',
+ dest='openssl_is_fips',
+ help='specifies that the OpenSSL library is FIPS compatible')
+
parser.add_option('--openssl-use-def-ca-store',
action='store_true',
dest='use_openssl_ca_store',
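Review bot: The help string for `--openssl-is-fips` does not say that the flag is meant for a shared OpenSSL, although the commit message describes it as "specifies that the shared OpenSSL version is FIPS compatible". Nothing in this hunk ties the option to `--shared-openssl`, so the help text is the only place a builder learns the intended combination. I would word it as `help='specifies that the shared OpenSSL library is FIPS compatible (use with --shared-openssl)'`.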
@@ -1187,6 +1192,7 @@ def configure_openssl(o):
variables = o['variables']
variables['node_use_openssl'] = b(not options.without_ssl)
variables['node_shared_openssl'] = b(options.shared_openssl)
+ variables['openssl_is_fips'] = b(options.openssl_is_fips)
variables['openssl_fips'] = ''
if options.openssl_no_asm:
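Review bot: `variables['openssl_is_fips']` is set from the flag alone, with no check that `options.shared_openssl` is also set. Passing `--openssl-is-fips` on its own would therefore presumably define NODE_FIPS_MODE, through the node.gypi condition changed in this commit, for a build against the bundled OpenSSL, which the commit message does not describe as FIPS capable. A guard before the assignment would fail the configure step instead: `if options.openssl_is_fips and not options.shared_openssl: error('--openssl-is-fips requires --shared-openssl')`, assuming configure.py's existing `error()` helper is in scope here. The flag is also an assertion by the builder rather than a probe of the library, which deserves a one-line comment such as `# not verified: the builder asserts the shared OpenSSL is FIPS capable`. configure_openssl's body starts and continues outside the hunk.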
diff --git a/node.gypi b/node.gypi
index f6787e5ad8..d4b3c9c8d7 100644
--- a/node.gypi
+++ b/node.gypi
@@ -315,7 +315,7 @@
[ 'node_use_openssl=="true"', {
'defines': [ 'HAVE_OPENSSL=1' ],
'conditions': [
- ['openssl_fips != ""', {
+ ['openssl_fips != "" or openssl_is_fips=="true"', {
'defines': [ 'NODE_FIPS_MODE' ],
}],
[ 'node_shared_openssl=="false"', {
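Review bot: The new condition reads `openssl_is_fips`, but no default for that variable is visible in this diff. If none is declared elsewhere, a config.gypi that was not generated by the updated configure.py would likely make gyp fail on an undefined name; a default such as `'openssl_is_fips%': 'false'` in the relevant variables block (outside this hunk) would keep such builds working and keep FIPS code paths off by default. A short comment above the condition would also help, for example `# NODE_FIPS_MODE only compiles in the FIPS code paths; openssl_is_fips is asserted by the builder, not detected`.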