Hi, This patch:
commit f12e856de21a3dd1ca3d49946c3902 a04cf9ec70 Author: Paul Wouters <[email protected]> Date: Fri Mar 6 10:06:52 2015 -0500 FIPS: Do not allow PSK in FIPS mode (submitted patch badly merged in) This was merged in wrong years ago in upstream openswan, so only RHEL6 versions of openswan properly enforced this. which is about lines like: ifeq ($(USE_FIPSCHECK),true) CFLAGS+=-DFIPS_CHECK endif littered through the Makefiles prompts the question. Should we simply move all of these to mk/config.mk? Baring objections, I'll build/test/push this Monday. As they say, this should be safe ... Andrew PS: It doesn't include things like this: ifeq ($(USE_LINUX_AUDIT),true) LIBSPLUTO += -laudit endif or this: ifeq ($(USE_NETKEY),true) # Linux always supports udpfromto UDPFROMTO_SRCS=udpfromto.c endif
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
