authorEric Milkie <milkie@10gen.com>2014-07-29 16:45:23 -0400
committerEric Milkie <milkie@10gen.com>2014-07-29 16:45:26 -0400
commit81676bfa36c68b1247f0e08b666e33c3e3875755 (patch)
tree42e3c5c5c4563c897a995e9283d31ff2c165f908 /src
parentc7590ac4ec54f52af224248f83a4f722b0abf319 (diff)
SERVER-9482 add flag to enable activation of FIPS mode (off by default)
Diffstat (limited to 'src')
-rw-r--r--src/mongo/util/net/ssl_manager.cpp12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 830d755c326..7dfb632e09f 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -546,17 +546,19 @@ namespace mongo {
void SSLManager::_setupFIPS() {
// Turn on FIPS mode if requested.
-#ifdef OPENSSL_FIPS
+ // OPENSSL_FIPS must be defined by the OpenSSL headers, plus MONGO_SSL_FIPS
+ // must be defined via a MongoDB build flag.
+#if defined(OPENSSL_FIPS) && defined(MONGO_SSL_FIPS)
int status = FIPS_mode_set(1);
if (!status) {
- error() << "can't activate FIPS mode: " <<
+ severe() << "can't activate FIPS mode: " <<
getSSLErrorMessage(ERR_get_error()) << endl;
- fassertFailed(16703);
+ fassertFailedNoTrace(16703);
}
log() << "FIPS 140-2 mode activated" << endl;
#else
- error() << "this version of mongodb was not compiled with FIPS support";
- fassertFailed(17089);
+ severe() << "this version of mongodb was not compiled with FIPS support";
+ fassertFailedNoTrace(17089);
#endif
}
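Review bot: The `#else` branch at the end of the hunk now covers two different causes, OpenSSL headers that do not define `OPENSSL_FIPS` or a build without `MONGO_SSL_FIPS`, yet it still logs the single message "this version of mongodb was not compiled with FIPS support". An operator who requested FIPS mode on a host with a FIPS-capable OpenSSL cannot tell from the log that the missing piece is the MongoDB build flag. I would name both requirements in the message, e.g. `severe() << "this version of mongodb was not compiled with FIPS support (needs OpenSSL FIPS headers and the MONGO_SSL_FIPS build flag)";`. Aborting in both branches keeps the function fail-closed and should stay as is; the caller that decides when FIPS was requested is outside the hunk, so that part is not reviewed here.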