diff options
Diffstat (limited to 'internal/boring/boring.go')
-rw-r--r-- | internal/boring/boring.go | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/internal/boring/boring.go b/internal/boring/boring.go index 0a59ec4a..e6d19aeb 100644 --- a/internal/boring/boring.go +++ b/internal/boring/boring.go @@ -9,10 +9,15 @@ import ( "gitlab.com/gitlab-org/labkit/log" ) +// CheckBoring checks whether FIPS crypto has been enabled. For the FIPS Go +// compiler in https://github.com/golang-fips/go, this requires that: +// +// 1. The kernel has FIPS enabled (e.g. `/proc/sys/crypto/fips_enabled` is 1). +// 2. A system OpenSSL can be dynamically loaded via ldopen(). func CheckBoring() { if boring.Enabled() { - log.Info("FIPS mode is enabled. Using BoringSSL.") + log.Info("FIPS mode is enabled. Using an external SSL library.") return } - log.Info("GitLab Pages was compiled with FIPS mode but BoringSSL is not enabled.") + log.Info("GitLab Pages was compiled with FIPS mode but an external SSL library was not enabled.") } |