trafficserver git commit: TS-3576: Added comments in code on what I am doing

[bc...@apache.org]

Repository: trafficserver
Updated Branches:
  refs/heads/master d09c98003 -> e09749ca9


TS-3576: Added comments in code on what I am doing


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e09749ca
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e09749ca
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e09749ca

Branch: refs/heads/master
Commit: e09749ca94e8667079076a290180ca35589ea2d8
Parents: d09c980
Author: Bryan Call <bc...@apache.org>
Authored: Thu Apr 30 19:02:31 2015 -0700
Committer: Bryan Call <bc...@apache.org>
Committed: Thu Apr 30 19:02:31 2015 -0700

----------------------------------------------------------------------
 iocore/net/SSLUtils.cc | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e09749ca/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 0b73244..881ca2f 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -143,6 +143,7 @@ SSL_locking_callback(int mode, int type, const char *file, int line)
   ink_assert(type < CRYPTO_num_locks());
 
 #ifdef OPENSSL_FIPS
+  // don't need to lock for FIPS if it has POSTed and we are not going to change the mode on the fly
   if (type == CRYPTO_LOCK_FIPS || type == CRYPTO_LOCK_FIPS2) {
     return;
   }
@@ -766,6 +767,8 @@ SSLInitializeLibrary()
     SSL_library_init();
 
 #ifdef OPENSSL_FIPS
+    // calling FIPS_mode_set() will force FIPS to POST (Power On Self Test)
+    // After POST we don't have to lock for FIPS
     int mode = FIPS_mode();
     FIPS_mode_set(mode);
     Debug("ssl", "FIPS_mode: %d", mode);