[Fedora-directory-commits] mod_nss nss_engine_pphrase.c,1.11,1.12
Robert Crittenden (rcritten)
fedora-directory-commits at redhat.com
Wed Jul 2 14:54:40 UTC 2008
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19692
Modified Files:
nss_engine_pphrase.c
Log Message:
Don't allow blank passwords if FIPS is enabled. This is not allowed
by the NSS FIPS 140-2 security policy.
Index: nss_engine_pphrase.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_pphrase.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- nss_engine_pphrase.c 16 May 2008 15:16:02 -0000 1.11
+++ nss_engine_pphrase.c 2 Jul 2008 14:54:37 -0000 1.12
@@ -335,7 +335,12 @@
fprintf(output, "non-alphabetic characters\n");
continue;
}
- return (char*) PORT_Strdup((char*)phrase);
+ if (PK11_IsFIPS() && strlen(phrase) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
+ "The FIPS security policy requires that a password be set.");
+ nss_die();
+ } else
+ return (char*) PORT_Strdup((char*)phrase);
}
}
More information about the Fedora-directory-commits
mailing list