diff options
author | Pauli <pauli@openssl.org> | 2021-07-29 09:55:09 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-08-04 08:15:14 +1000 |
commit | 92c03668c0cd77434006b613e3429888a0a8ecfe (patch) | |
tree | ef15d575c88ddc3ec5f88c7696849419012fcfe3 /test/ct | |
parent | 6b38d7dc1bccc708279ca5091ebc28cd4bdf225d (diff) | |
download | openssl-new-92c03668c0cd77434006b613e3429888a0a8ecfe.tar.gz |
Add config_diagnostics to our configuration files.
The change to a more configuration based approach to enable FIPS mode
operation highlights a shortcoming in the default should do something
approach we've taken for bad configuration files.
Currently, a bad configuration file will be automatically loaded and
once the badness is detected, it will silently stop processing the
configuration and continue normal operations. This is good for remote
servers, allowing changes to be made without bricking things. It's bad
when a user thinks they've configured what they want but got something
wrong and it still appears to work.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16171)
Diffstat (limited to 'test/ct')
-rw-r--r-- | test/ct/log_list.cnf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/test/ct/log_list.cnf b/test/ct/log_list.cnf index 4b68e53558..b723b8c9f6 100644 --- a/test/ct/log_list.cnf +++ b/test/ct/log_list.cnf @@ -1,5 +1,8 @@ enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + [test] description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== |