From 81676bfa36c68b1247f0e08b666e33c3e3875755 Mon Sep 17 00:00:00 2001
From: Eric Milkie
Date: Tue, 29 Jul 2014 16:45:23 -0400
Subject: SERVER-9482 add flag to enable activation of FIPS mode (off by default)
---
 src/mongo/util/net/ssl_manager.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 830d755c326..7dfb632e09f 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -546,17 +546,19 @@ namespace mongo {
 void SSLManager::_setupFIPS() {
 // Turn on FIPS mode if requested.
-#ifdef OPENSSL_FIPS
+ // OPENSSL_FIPS must be defined by the OpenSSL headers, plus MONGO_SSL_FIPS
+ // must be defined via a MongoDB build flag.
+#if defined(OPENSSL_FIPS) && defined(MONGO_SSL_FIPS)
 int status = FIPS_mode_set(1);
 if (!status) {
- error() << "can't activate FIPS mode: " <<
+ severe() << "can't activate FIPS mode: " <<
 getSSLErrorMessage(ERR_get_error()) << endl;
- fassertFailed(16703);
+ fassertFailedNoTrace(16703);
 }
 log() << "FIPS 140-2 mode activated" << endl;
 #else
- error() << "this version of mongodb was not compiled with FIPS support";
- fassertFailed(17089);
+ severe() << "this version of mongodb was not compiled with FIPS support";
+ fassertFailedNoTrace(17089);
 #endif
 }
-- 
cgit v1.2.1
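Review bot: The `#else` branch is now reached in two different cases, OpenSSL headers that do not define `OPENSSL_FIPS` or a MongoDB build without `MONGO_SSL_FIPS`, yet the fatal message is identical, so an operator who asked for FIPS mode cannot tell from the log which of the two has to change. Aborting with `fassertFailedNoTrace(17089)` instead of continuing without FIPS is the right fail-closed behaviour (the call site is outside the hunk, so that this runs only when FIPS was requested is inferred from the leading comment), and it deserves a comment such as `// Fail closed: never start with non-FIPS crypto when FIPS mode was requested.` Consider wording the message as `severe() << "this version of mongodb was not compiled with FIPS support (needs a FIPS-capable OpenSSL and a FIPS-enabled MongoDB build)" << endl;`, which also adds the `<< endl` that the other log statements in this function carry.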