From 15fca1a6e393d81728006e307e5d1df5b678c6e9 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 21 Feb 2007 18:16:25 +0000
Subject: Include big warning message if test fipscanister.o compilation option
 used.

---
 Configure | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/Configure b/Configure
index c5ba750047..8cbb4b2e06 100755
--- a/Configure
+++ b/Configure
@@ -843,6 +843,16 @@ PROCESS_ARGS:
 			# The check for the option is there so scripts aren't
 			# broken
 			}
+		elsif (/^nofipscanistercheck$/)
+			{
+			$nofipscanistercheck = 1;
+			}
+		elsif (/^fipscanisterbuild$/)
+			{
+			$nofipscanistercheck = 1;
+			$fipslibdir="";
+			$fipscanisterinternal="y";
+			}
 		elsif (/^[-+]/)
 			{
 			if (/^-[lL](.*)$/)
@@ -873,16 +883,6 @@ PROCESS_ARGS:
 				{
 				$withargs{"zlib-lib"}=$1;
 				}
-			elsif (/^--nofipscanistercheck$/)
-				{
-				$nofipscanistercheck = 1;
-				}
-			elsif (/^--fipscanisterbuild$/)
-				{
-				$nofipscanistercheck = 1;
-				$fipslibdir="";
-				$fipscanisterinternal="y";
-				}
 			elsif (/^--with-fipslibdir=(.*)$/)
 				{
 				$fipslibdir="$1/";
@@ -1640,6 +1640,17 @@ libraries on this platform, they will at least look at it and try their best
 (but please first make sure you have tried with a current version of OpenSSL).
 EOF
 
+print <<\EOF if ($fipscanisterinternal);
+
+WARNING: OpenSSL has been configured using unsupported option(s) to internally
+generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
+compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
+OpenSSL FIPS Object Module as identified by the CMVP
+(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
+140-2 validated software. 
+
+EOF
+
 exit(0);
 
 sub usage
-- 
cgit v1.2.3