<div dir="ltr">I've pushed this.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 March 2015 at 12:21, Andrew Cagney <span dir="ltr"><<a href="mailto:andrew.cagney@gmail.com" target="_blank">andrew.cagney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hi,<br><br></div>This patch:<br><br>commit f12e856de21a3dd1ca3d49946c3902<div>a04cf9ec70<br>
Author: Paul Wouters <<a href="mailto:pwouters@redhat.com" target="_blank">pwouters@redhat.com</a>><br>
Date: Fri Mar 6 10:06:52 2015 -0500<br>
<br>
FIPS: Do not allow PSK in FIPS mode (submitted patch badly merged in)<br>
<br>
This was merged in wrong years ago in upstream openswan, so only<br>
RHEL6 versions of openswan properly enforced this.<br><br></div><div>which is about lines like:<br><br>ifeq ($(USE_FIPSCHECK),true)<br>CFLAGS+=-DFIPS_CHECK<br>endif<br><br>
</div>littered through the Makefiles prompts the question. Should we simply move all of these to mk/<a href="http://config.mk" target="_blank">config.mk</a>?<br><br></div><div>Baring objections, I'll build/test/push this Monday. As they say, this should be safe ...<br><br></div><div>Andrew<br><br></div><div>PS: It doesn't include things like this:<br><br>ifeq ($(USE_LINUX_AUDIT),true)<br>LIBSPLUTO += -laudit<br>endif<br><br></div><div>or this:<br></div><div><br>ifeq ($(USE_NETKEY),true)<br># Linux always supports udpfromto<br>UDPFROMTO_SRCS=udpfromto.c<br>endif<br><br></div></div>
</blockquote></div><br></div>