diff --git a/config/software/openssl.rb b/config/software/openssl.rb index 4b51307361..ec1e93a1f7 100644 --- a/config/software/openssl.rb +++ b/config/software/openssl.rb @@ -220,6 +220,24 @@ # Updating the openssl.cnf file to enable the fips provider command "sed -i -e 's|# .include fipsmodule.cnf|.include #{fips_cnf_file}|g' #{install_dir}/embedded/ssl/openssl.cnf" command "sed -i -e 's|# fips = fips_sect|fips = fips_sect|g' #{install_dir}/embedded/ssl/openssl.cnf" + contents=File.read("#{install_dir}/embedded/ssl/openssl.cnf") + new_file=[] + comment_next = false + contents.each_line do |line| + if comment_next + line.gsub!(/^/, "#") + comment_next = false + end + new_file << line + if line.include?('[default_sect]') + comment_next = true + end + end + File.open("#{install_dir}/embedded/ssl/openssl.cnf", "wt") do |f| + new_file.each do |line| + f.puts line + end + end # command "sed -i -e 's|default = default_sect|#default = default_sect|g' #{install_dir}/embedded/ssl/openssl.cnf" # this might be unnecessary command "#{windows? ? 'Perl.exe' : ''} ./util/wrap.pl -fips #{install_dir}/embedded/bin/openssl list -provider-path providers -provider fips -providers" end