From ae86184511089cd817b09f3bac5dca30adf65d6a Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt
Date: Fri, 14 Jun 2024 12:04:00 +0200
Subject: [PATCH] root: add configuration option to enable fips (#10088)
---
 authentik/lib/default.yml | 3 +++
 lifecycle/gunicorn.conf.py | 5 +----
 manage.py | 6 ++----
 3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml
index 183ad8341c..5ca7a83756 100644
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@@ -116,6 +116,9 @@ events:
 context_processors:
 geoip: "/geoip/GeoLite2-City.mmdb"
 asn: "/geoip/GeoLite2-ASN.mmdb"
+compliance:
+ fips:
+ enabled: false
 cert_discovery_dir: /certs
diff --git a/lifecycle/gunicorn.conf.py b/lifecycle/gunicorn.conf.py
index c158680697..a3ffe7489a 100644
--- a/lifecycle/gunicorn.conf.py
+++ b/lifecycle/gunicorn.conf.py
@@ -7,7 +7,6 @@ from pathlib import Path
 from tempfile import gettempdir
 from typing import TYPE_CHECKING
-from cryptography.exceptions import InternalError
 from cryptography.hazmat.backends.openssl.backend import backend
 from defusedxml import defuse_stdlib
 from prometheus_client.values import MultiProcessValue
@@ -30,10 +29,8 @@ if TYPE_CHECKING:
 defuse_stdlib()
-try:
+if CONFIG.get_bool("compliance.fips.enabled", False):
 backend._enable_fips()
-except InternalError:
- pass
 wait_for_db()
diff --git a/manage.py b/manage.py
index 4c5120225a..09d065e919 100755
--- a/manage.py
+++ b/manage.py
@@ -4,7 +4,7 @@ import os
 import sys
 import warnings
-from cryptography.exceptions import InternalError
+from authentik.lib.config import CONFIG
 from cryptography.hazmat.backends.openssl.backend import backend
 from defusedxml import defuse_stdlib
 from django.utils.autoreload import DJANGO_AUTORELOAD_ENV
@@ -24,10 +24,8 @@ warnings.filterwarnings(
 defuse_stdlib()
-try:
+if CONFIG.get_bool("compliance.fips.enabled", False):
 backend._enable_fips()
-except InternalError:
- pass
 if __name__ == "__main__":
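Review bot: The `enabled: false` default under `compliance.fips` turns FIPS mode from best-effort into opt-in, and nothing in this file says so. The code removed from `lifecycle/gunicorn.conf.py` and `manage.py` called `backend._enable_fips()` unconditionally and only swallowed `InternalError`, so an install on a FIPS-capable OpenSSL build presumably ran in FIPS mode before and stops doing so after upgrade unless the key is set. I would add a comment above the key, for example `# FIPS mode is no longer enabled automatically; set enabled: true to turn it on`, and call the change out in the release notes.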
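Review bot: With `compliance.fips.enabled` set, a failure of `backend._enable_fips()` in the second hunk of `lifecycle/gunicorn.conf.py` now propagates as a bare traceback, because the `except InternalError` handler is removed and nothing replaces it; the identical block in `manage.py` has the same gap. Failing closed is the right outcome for a compliance switch, but the operator should see which setting caused it: keep the `InternalError` import and re-raise with context, e.g. `except InternalError as exc: raise RuntimeError("compliance.fips.enabled is set but FIPS mode could not be enabled") from exc`. `_enable_fips` is an underscore-prefixed member of the cryptography backend, so its failure behaviour is not a stable contract; a log line after the call stating whether FIPS mode is active would give auditors something to check. The two copies of this block could also move into one shared helper so the entry points cannot drift apart.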
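Review bot: The added `from authentik.lib.config import CONFIG` in the first `manage.py` hunk sits directly above the `cryptography` import, inside what appears to be the third-party import group, rather than with the project's own imports. Moving it to a first-party group, separated by a blank line after the third-party imports, keeps the grouping that isort-style tools expect. The rest of the import block lies outside this hunk, so check that `CONFIG` is not already imported further down.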