Issue #6946 has been updated by MartinBosslet (Martin Bosslet).


OK, finally got it working. I added OpenSSL.fips_mode= to enable/disable FIPS mode manually. The test suite now automatically disables FIPS mode when running the tests. This worked for my FIPS-enabled version of OpenSSL. I have also added a few tests that specifically assert some things that would be expected to fail in FIPS mode (test_fips.rb).

@Vit: Could you please confirm that this works for you, too?

@mame: Sorry that I committed this to 2.0.0 even if you already assigned it for next minor. But I felt the approach to adding FIPS support so far was flawed (my mistake) and I wouldn't want a half-assed implementation see to make its way into 2.0.0 - I hope this is OK? 
----------------------------------------
Feature #6946: FIPS support?
https://bugs.ruby-lang.org/issues/6946#change-34880

Author: vo.x (Vit Ondruch)
Status: Closed
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: next minor


=begin
Hi, running the test suite on FIPS enabled system using 

 $ find test/ -type f -name test_*.rb -exec make test-all TESTS="-v '{}'" \;

command with patch from #6938 applied, it gives me a plenty of errors (see attached output.txt file). There are two kind of errors as far as I understand, some are more or less test suite errors (e.g. #6938), which should be easy to fix, while some others (e.g. #6943) would need bigger changes.

Is there any chance that Ruby will provide better support for FIPS and there errors get fixed?
=end



-- 
http://bugs.ruby-lang.org/