diff options
| author | Tim Smith <tsmith84@gmail.com> | 2020-08-04 17:26:00 -0700 |
|---|---|---|
| committer | Tim Smith <tsmith84@gmail.com> | 2020-08-12 14:04:34 -0700 |
| commit | 2c56cfa702be410b052f5168e47c28a5f5f4740e (patch) | |
| tree | 25a1ca9b219505bb6e97449e1cdea16b6a626e5b | |
| parent | 798cac61accc035b51aaac25160bf1d5e9715252 (diff) | |
| download | chef-fips.tar.gz | |
Simplify how we detect fips in chef-config on *nix systemsfips
OpenSSL gives us a few methods for checking FIPS. OpenSSL.fips_mode checks for the explicitly set value and OpenSSL::OPENSSL_FIPS checks the system state. Confirmed on a RHEL box with FIPS enabled, Ubuntu, and macOS.
Signed-off-by: Tim Smith <tsmith@chef.io>
| -rw-r--r-- | chef-config/lib/chef-config/fips.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/chef-config/lib/chef-config/fips.rb b/chef-config/lib/chef-config/fips.rb index eb9e55afe6..7f3aa3e85c 100644 --- a/chef-config/lib/chef-config/fips.rb +++ b/chef-config/lib/chef-config/fips.rb @@ -46,8 +46,8 @@ module ChefConfig false end else - fips_path = "/proc/sys/crypto/fips_enabled" - File.exist?(fips_path) && File.read(fips_path).chomp != "0" + require "openssl" unless defined?(OpenSSL) + OpenSSL::OPENSSL_FIPS end end end |