doc: documented the GNUTLS_NO_FIPS140_MODEtmp-fips140-explicit-disable

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-12-05 10:24:54 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-12-05 14:06:39 +0100
commit: 51929ed42932817d1eb0687928b6352f3fc4c268 (patch)
tree: 9613d2b34f26834a54f1e926b7916d6193a2b84e
parent: 315e197571f4587e1a01ddc6407e1b036fec0889 (diff)
download: gnutls-tmp-fips140-explicit-disable.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index 9c74a24114..b9a3b73bbb 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -699,3 +699,14 @@ mode, when set to '0' will force a disable of it.
 
 On runtime an application can verify whether the library is in FIPS140-2
 using the @funcref{gnutls_fips140_mode_enabled} function.
+
+Applications can explicitly opt-out from FIPS140-2 mode globally by using
+the macro @code{GNUTLS_NO_FIPS140_MODE} once in their code.
+
+@example
+#include <gnutls/gnutls.h>
+
+GNUTLS_NO_FIPS140_MODE
+
+int main()
+@end example
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-12-05 10:24:54 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-12-05 14:06:39 +0100
commit	51929ed42932817d1eb0687928b6352f3fc4c268 (patch)
tree	9613d2b34f26834a54f1e926b7916d6193a2b84e
parent	315e197571f4587e1a01ddc6407e1b036fec0889 (diff)
download	gnutls-tmp-fips140-explicit-disable.tar.gz