From e436c963f0976b885a7db04681344779e26dd3b5 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 23 Apr 2014 09:56:37 +0200 Subject: Update OpenSSL to 1.0.1g and statically link OpenVPN with it --- main/openssl/crypto/pkcs12/p12_crt.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'main/openssl/crypto/pkcs12/p12_crt.c') diff --git a/main/openssl/crypto/pkcs12/p12_crt.c b/main/openssl/crypto/pkcs12/p12_crt.c index 96b131de..a34915d0 100644 --- a/main/openssl/crypto/pkcs12/p12_crt.c +++ b/main/openssl/crypto/pkcs12/p12_crt.c @@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) -- cgit v1.2.3