[gnutls-help] FIPS mode: letting the OS know

jonetsu at teksavvy.com jonetsu at teksavvy.com
Fri Mar 27 01:16:07 CET 2015


Hello,

  What would be the most practical way to add some code to a
FIPS-mode GnuTLS in order to notify the OS of any FIPS error?  That
notification could simply be creating a file at a location that is
watched over by an application using inotify.  The idea is to be able
to take any action when such errors happen, and not to modify
applications that are using GnuTLS since this would require more code
maintenance.

  I don't think this code would be in upstream GnuTLS since it is local
to the domain of the runtime OS.

  Is there a method that is always called when FIPS errors are
encountered?  Or is there a callback that can be set in the library
to catch error codes?

Regards.
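
The file-plus-inotify notification described in the message above, sketched as an added example (Linux only); it is not code from the post or from GnuTLS. The function names, the `fips-error.<code>` file naming and the `/tmp` demo directory are assumptions, and where such a hook would be called inside GnuTLS is not shown.

```c
/* Added example (Linux): marker-file notification picked up through inotify. */
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Library side (hypothetical hook): create an empty marker named after the code.
 * O_EXCL never follows or reuses a file or symlink planted in advance. */
int fips_notify_error(const char *dir, int code) {
    char path[512];
    if (snprintf(path, sizeof path, "%s/fips-error.%d", dir, code) >= (int)sizeof path) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* Watcher side: watch the directory itself for newly created entries. */
int fips_watch_open(const char *dir) {
    int ifd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (ifd >= 0 && inotify_add_watch(ifd, dir, IN_CREATE | IN_ONLYDIR) < 0) {
        close(ifd);
        ifd = -1;
    }
    return ifd;
}

/* Wait up to timeout_ms; returns the code of the first marker seen, -1 if none. */
int fips_watch_next(int ifd, int timeout_ms) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    struct pollfd p = { .fd = ifd, .events = POLLIN };
    if (poll(&p, 1, timeout_ms) <= 0) return -1;
    ssize_t n = read(ifd, buf, sizeof buf);
    for (char *q = buf; n > 0 && q < buf + n; ) {
        struct inotify_event *ev = (struct inotify_event *)q;
        int code;
        if (ev->len && sscanf(ev->name, "fips-error.%d", &code) == 1) return code;
        q += sizeof *ev + ev->len;
    }
    return -1;
}

int main(void) {
    char dir[] = "/tmp/fips-demo-XXXXXX";   /* constructed demo location */
    if (!mkdtemp(dir)) return 1;
    int ifd = fips_watch_open(dir);
    if (ifd < 0 || fips_notify_error(dir, 1) != 0) return 1;
    printf("watcher saw FIPS error code %d\n", fips_watch_next(ifd, 1000));
    return 0;
}
```

The watcher has to remove a marker once it has acted on it; otherwise the exclusive create fails when the same code is reported again. The watched directory should be writable only by the accounts that run the library, since anyone who can create files there can trigger the watcher.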
