# The check for the option is there so scripts aren't
# broken
}
+ elsif (/^nofipscanistercheck$/)
+ {
+ $nofipscanistercheck = 1;
+ }
+ elsif (/^fipscanisterbuild$/)
+ {
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ }
elsif (/^[-+]/)
{
if (/^-[lL](.*)$/)
{
$withargs{"zlib-lib"}=$1;
}
- elsif (/^--nofipscanistercheck$/)
- {
- $nofipscanistercheck = 1;
- }
- elsif (/^--fipscanisterbuild$/)
- {
- $nofipscanistercheck = 1;
- $fipslibdir="";
- $fipscanisterinternal="y";
- }
elsif (/^--with-fipslibdir=(.*)$/)
{
$fipslibdir="$1/";
(but please first make sure you have tried with a current version of OpenSSL).
EOF
+print <<\EOF if ($fipscanisterinternal);
+
+WARNING: OpenSSL has been configured using unsupported option(s) to internally
+generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
+compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
+OpenSSL FIPS Object Module as identified by the CMVP
+(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
+140-2 validated software.
+
+EOF
+
exit(0);
sub usage