From f0d3ffd5ece7b437f0019a0171d132767b21add5 Mon Sep 17 00:00:00 2001
From: Matt Wrock <matt@mattwrock.com>
Date: Wed, 22 Jun 2016 21:40:53 -0700
Subject: turn off fips with an empty environment var

---
 chef-config/lib/chef-config/config.rb |  6 +++++-
 chef-config/spec/unit/config_spec.rb  | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 568467456f..eb2ad41830 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -519,7 +519,11 @@ module ChefConfig
 
     # Set to true if Chef is to set OpenSSL to run in FIPS mode
     default(:fips) do
-      !ENV["CHEF_FIPS"].nil? || ChefConfig.fips?
+      if ENV["CHEF_FIPS"] == ""
+        false
+      else
+        !ENV["CHEF_FIPS"].nil? || ChefConfig.fips?
+      end
     end
 
     # Initialize openssl
diff --git a/chef-config/spec/unit/config_spec.rb b/chef-config/spec/unit/config_spec.rb
index f09dbb517a..0ddb56cf0d 100644
--- a/chef-config/spec/unit/config_spec.rb
+++ b/chef-config/spec/unit/config_spec.rb
@@ -186,6 +186,16 @@ RSpec.describe ChefConfig::Config do
             expect(ChefConfig::Config[:fips]).to eq(false)
           end
 
+          context "when ENV['CHEF_FIPS'] is empty" do
+            before do
+              ENV["CHEF_FIPS"] = ""
+            end
+
+            it "returns false" do
+              expect(ChefConfig::Config[:fips]).to eq(false)
+            end
+          end
+
           context "when ENV['CHEF_FIPS'] is set" do
             before do
               ENV["CHEF_FIPS"] = "1"
-- 
cgit v1.2.1