mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
506ff20662
Currently, a provider is activated from our config file using the activate parameter. However, the presence of the config parameter is sufficient to trigger activation, leading to a counterintuitive situation in which setting "activate = 0" still activates the provider Make activation more intuitive by requiring that activate be set to one of yes|true|1 to trigger activation. Any other value, as well as omitting the parameter entirely, prevents activation (and also maintains backward compatibility. It seems a bit heavyweight to create a test specifically to validate the plurality of these settings. Instead, modify the exiting openssl config files in the test directory to use variants of these settings, and augment the default.cnf file to include a provider section that is explicitly disabled Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22906)
17 lines
266 B
INI
17 lines
266 B
INI
openssl_conf = openssl_init
|
|
|
|
# Comment out the next line to ignore configuration errors
|
|
config_diagnostics = 1
|
|
|
|
.include fipsmodule.cnf
|
|
|
|
[openssl_init]
|
|
providers = provider_sect
|
|
|
|
[provider_sect]
|
|
default = default_sect
|
|
fips = fips_sect
|
|
|
|
[default_sect]
|
|
activate = yes
|