lordgamez commented on code in PR #1950:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1950#discussion_r2012695392
##########
CONFIGURE.md:
##########
@@ -938,7 +943,15 @@ To enable FIPS support, and use MiNiFi C++ in FIPS
compliant mode, there are a f
# in minifi.properties
nifi.openssl.fips.support.enable=true
-Before first starting the application, the fipsmodule.cnf needs to be
generated. To do this run the following command with the openssl binary
(openssl on Unix and openssl.exe on windows) with the following parameters
provided in the $MINIFI_HOME/fips directory:
+Before first starting the application, the fipsmodule.cnf needs to be
generated. This can be done in two ways, either automatically or manually.
+
+#### Generating the fipsmodule.cnf file automatically
+
+If the application is started with the nifi.openssl.fips.support.enable
property set to true, and the fipsmodule.cnf file is not found in the
$MINIFI_HOME/fips directory, the application will try to generate the
fipsmodule.cnf file automatically. This is done by running the manual steps
described in the next section, but this is done from the MiNiFi C++ process
before loading the OpenSSL configuration. If the automatic generation is
successful, the application will start in FIPS mode.
+
+#### Generating the fipsmodule.cnf file manually
Review Comment:
I think if the auto-generation fails for some reason (like the self-tests
fail) it's good to see how the manual steps are done to reproduce and debug the
issue.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
