I've pushed this. On 6 March 2015 at 12:21, Andrew Cagney <[email protected]> wrote:
> Hi, > > This patch: > > commit f12e856de21a3dd1ca3d49946c3902 > a04cf9ec70 > Author: Paul Wouters <[email protected]> > Date: Fri Mar 6 10:06:52 2015 -0500 > > FIPS: Do not allow PSK in FIPS mode (submitted patch badly merged in) > > This was merged in wrong years ago in upstream openswan, so only > RHEL6 versions of openswan properly enforced this. > > which is about lines like: > > ifeq ($(USE_FIPSCHECK),true) > CFLAGS+=-DFIPS_CHECK > endif > > littered through the Makefiles prompts the question. Should we simply > move all of these to mk/config.mk? > > Baring objections, I'll build/test/push this Monday. As they say, this > should be safe ... > > Andrew > > PS: It doesn't include things like this: > > ifeq ($(USE_LINUX_AUDIT),true) > LIBSPLUTO += -laudit > endif > > or this: > > ifeq ($(USE_NETKEY),true) > # Linux always supports udpfromto > UDPFROMTO_SRCS=udpfromto.c > endif > >
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
