From 8c8ca24806d5ebfe5018279ec84538a17014a918 Mon Sep 17 00:00:00 2001
From: xiaoweiwei <xiaoweiwei5@huawei.com>
Date: Tue, 28 Jul 2020 10:57:56 +0800
Subject: [PATCH] fips

---
 src/dnsmasq.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 2306c48..bfad87f 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -877,6 +877,9 @@ int main (int argc, char **argv)
 	my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
       else
 	my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
+
+      if (access("/etc/system-fips", F_OK) == 0)
+        my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant"));
       
       daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
       if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
-- 
1.8.3.1