turn off fips with an empty environment var

author: Matt Wrock <matt@mattwrock.com> 2016-06-23 15:10:55 -0700
committer: Matt Wrock <matt@mattwrock.com> 2016-06-23 15:10:55 -0700
commit: fbd47fb65265ebbe0cc536cc8ab087a5775b08b3 (patch)
tree: 47dfd8974560f4617478e5670e2190a659e3d4e6 /chef-config/lib/chef-config/config.rb
parent: 72ac27e97e8d2b3540a637f2833a902e6cb4ef37 (diff)
download: chef-fbd47fb65265ebbe0cc536cc8ab087a5775b08b3.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 568467456f..094c8641a3 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -519,7 +519,16 @@ module ChefConfig
 
     # Set to true if Chef is to set OpenSSL to run in FIPS mode
     default(:fips) do
-      !ENV["CHEF_FIPS"].nil? || ChefConfig.fips?
+      # CHEF_FIPS is used in testing to override checking for system level
+      # enablement. There are 3 possible values that this variable may have:
+      # nil - no override and the system will be checked
+      # empty - FIPS is NOT enabled
+      # a non empty value - FIPS is enabled
+      if ENV["CHEF_FIPS"] == ""
+        false
+      else
+        !ENV["CHEF_FIPS"].nil? || ChefConfig.fips?
+      end
     end
 
     # Initialize openssl
author	Matt Wrock <matt@mattwrock.com>	2016-06-23 15:10:55 -0700
committer	Matt Wrock <matt@mattwrock.com>	2016-06-23 15:10:55 -0700
commit	fbd47fb65265ebbe0cc536cc8ab087a5775b08b3 (patch)
tree	47dfd8974560f4617478e5670e2190a659e3d4e6 /chef-config/lib/chef-config/config.rb
parent	72ac27e97e8d2b3540a637f2833a902e6cb4ef37 (diff)
download	chef-fbd47fb65265ebbe0cc536cc8ab087a5775b08b3.tar.gz