build: introduce --openssl-is-fips flag (!25412) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/danbev/crypto_dynlink_fips into master Jan 09, 2019

This commit introduces a new configuration flag named --openssl-is-fips which is intended to be used when linking against an OpenSSL library that is FIPS compatible.

The motivation for this is that Red Hat Enterprise Linux 8 (RHEL8) comes with OpenSSL 1.1.1 and includes FIPS support, and we would like to be able to dynamically link against this version and also have FIPS features enabled in node, like would be done when statically linking and using the --openssl-fips flag.

The suggestion here is to introduce a new flag:

$ ./configure --help
...
--openssl-is-fips specifies that the shared OpenSSL library is FIPS
                  compatible

This flag could be used in combination with the --shared-openssl flag:

$ ./configure --shared-openssl --openssl-is-fips

This will enable FIPS support in node and the runtime flags will be availalbe to enable FIPS (--enable-fips, --force-fips).

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
commit message follows commit guidelines

Admin message

Admin message

build: introduce --openssl-is-fips flag

Checklist

Merge request reports