Add config_diagnostics to our configuration files.

The change to a more configuration based approach to enable FIPS mode operation highlights a shortcoming in the default should do something approach we've taken for bad configuration files. Currently, a bad configuration file will be automatically loaded and once the badness is detected, it will silently stop processing the configuration and continue normal operations. This is good for remote servers, allowing changes to be made without bricking things. It's bad when a user thinks they've configured what they want but got something wrong and it still appears to work. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16171)
author: Pauli <pauli@openssl.org> 2021-07-29 09:55:09 +1000
committer: Pauli <pauli@openssl.org> 2021-08-04 08:15:14 +1000
commit: 92c03668c0cd77434006b613e3429888a0a8ecfe (patch)
tree: ef15d575c88ddc3ec5f88c7696849419012fcfe3 /test/fips.cnf
parent: 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d (diff)
download: openssl-new-92c03668c0cd77434006b613e3429888a0a8ecfe.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/test/fips.cnf b/test/fips.cnf
index fa131a8bf6..74349c80ae 100644
--- a/test/fips.cnf
+++ b/test/fips.cnf
@@ -1,5 +1,8 @@
 openssl_conf = openssl_init
 
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
 .include fipsmodule.cnf
 
 [openssl_init]
author	Pauli <pauli@openssl.org>	2021-07-29 09:55:09 +1000
committer	Pauli <pauli@openssl.org>	2021-08-04 08:15:14 +1000
commit	92c03668c0cd77434006b613e3429888a0a8ecfe (patch)
tree	ef15d575c88ddc3ec5f88c7696849419012fcfe3 /test/fips.cnf
parent	6b38d7dc1bccc708279ca5091ebc28cd4bdf225d (diff)
download	openssl-new-92c03668c0cd77434006b613e3429888a0a8ecfe.tar.gz