Disable FIPS mode when RADIUS is being used

Tue Feb 25 03:44:17 PST 2025

On Feb 24, 2025, at 5:49 PM, Lee Harding <somerandomstring at gmail.com> wrote:
> Since FIPS mode also impacts certificate validation, could this be more narrowly targeted than disabling it for the entire process?  I suppose it may not matter given that disabling it anywhere probably obviates the value of it (compliance) everywhere.

  The other option is more invasive. .  The code would have to check if FIPS was enabled, and if so, switch out to using the internal MD5 functions.

  That would also mean changing the names of the internal MD5 functions to avoid conflict with the OpenSSL ones.  And then plumbing those names into the OpenSSL functions.

  So these patches don't change a lot of code, but they do change a lot of behavior.   Patches which have fewer side effects would be more substantial.  I'll see what I can do.

  Alan DeKok.