hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-27 15:39:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

TUN-5549: Revert "TUN-5277: Ensure cloudflared binary is FIPS compliant on linux amd64"

Browse Source 
This reverts commit 157f5d1412.

FIPS compliant binaries (for linux/amd64) are causing HTTPS origins to not
be reachable by cloudflared in certain cases (e.g. with Let's Encrypt certificates).

Origins that are not HTTPS for cloudflared are not affected.
This commit is contained in:
Nuno Diegues
2021-12-16 00:26:05 +00:00
parent 8d41f99f2f
commit 2dc5f6ec8c
5 changed files with 34 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
check-fips.sh
View File

@@ -1,15 +0,0 @@
# Pass the path to the executable to check for FIPS compliance
exe=$1
if [ "$(go tool nm "${exe}" | grep -c '_Cfunc__goboringcrypto_')" -eq 0 ]; then
# Asserts that executable is using FIPS-compliant boringcrypto
echo "${exe}: missing goboring symbols" >&2
exit 1
fi
if [ "$(go tool nm "${exe}" | grep -c 'crypto/internal/boring/sig.FIPSOnly')" -eq 0 ]; then
# Asserts that executable is using FIPS-only schemes
echo "${exe}: missing fipsonly symbols" >&2
exit 1
fi
echo "${exe} is FIPS-compliant"