diff options
author | Eric Milkie <milkie@10gen.com> | 2014-07-29 16:45:23 -0400 |
---|---|---|
committer | Eric Milkie <milkie@10gen.com> | 2014-07-29 16:45:26 -0400 |
commit | 81676bfa36c68b1247f0e08b666e33c3e3875755 (patch) | |
tree | 42e3c5c5c4563c897a995e9283d31ff2c165f908 /src | |
parent | c7590ac4ec54f52af224248f83a4f722b0abf319 (diff) | |
download | mongo-81676bfa36c68b1247f0e08b666e33c3e3875755.tar.gz |
SERVER-9482 add flag to enable activation of FIPS mode (off by default)
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index 830d755c326..7dfb632e09f 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -546,17 +546,19 @@ namespace mongo { void SSLManager::_setupFIPS() { // Turn on FIPS mode if requested. -#ifdef OPENSSL_FIPS + // OPENSSL_FIPS must be defined by the OpenSSL headers, plus MONGO_SSL_FIPS + // must be defined via a MongoDB build flag. +#if defined(OPENSSL_FIPS) && defined(MONGO_SSL_FIPS) int status = FIPS_mode_set(1); if (!status) { - error() << "can't activate FIPS mode: " << + severe() << "can't activate FIPS mode: " << getSSLErrorMessage(ERR_get_error()) << endl; - fassertFailed(16703); + fassertFailedNoTrace(16703); } log() << "FIPS 140-2 mode activated" << endl; #else - error() << "this version of mongodb was not compiled with FIPS support"; - fassertFailed(17089); + severe() << "this version of mongodb was not compiled with FIPS support"; + fassertFailedNoTrace(17089); #endif } |