fixed GH #2358: Don't include <openssl/fips.h> for later OpenSSL

NetSSL_OpenSSL/include/Poco/Net/SSLManager.h

@@ -29,7 +29,7 @@
 #include "Poco/SharedPtr.h"
 #include "Poco/Mutex.h"
 #include <openssl/ssl.h>
-#ifdef OPENSSL_FIPS
+#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
 #include <openssl/fips.h>
 #endif
 
@@ -42,7 +42,7 @@ class Context;
 
 
 class NetSSL_API SSLManager
-	/// SSLManager is a singleton for holding the default server/client 
+	/// SSLManager is a singleton for holding the default server/client
 	/// Context and handling callbacks for certificate verification errors
 	/// and private key passphrases.
 	///
@@ -62,7 +62,7 @@ class NetSSL_API SSLManager
 	/// ClientVerificationError and PrivateKeyPassphraseRequired events
 	/// must be registered.
 	///
-	/// An exemplary documentation which sets either the server or client default context and creates 
+	/// An exemplary documentation which sets either the server or client default context and creates
 	/// a PrivateKeyPassphraseHandler that reads the password from the XML file looks like this:
 	///
 	///    <AppConfig>
@@ -104,7 +104,7 @@ class NetSSL_API SSLManager
 	/// Following is a list of supported configuration properties. Property names must always
 	/// be prefixed with openSSL.server or openSSL.client. Some properties are only supported
 	/// for servers.
-	/// 
+	///
 	///    - privateKeyFile (string): The path to the file containing the private key for the certificate
 	///      in PEM format (or containing both the private key and the certificate).
 	///    - certificateFile (string): The Path to the file containing the server's or client's certificate
@@ -117,9 +117,9 @@ class NetSSL_API SSLManager
 	///    - loadDefaultCAFile (boolean): Specifies whether the builtin CA certificates from OpenSSL are used.
 	///    - cipherList (string): Specifies the supported ciphers in OpenSSL notation
 	///      (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH").
-	///    - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the 
-	///      client preferences. When not called, the SSL server will always follow the clients 
-	///      preferences. When called, the SSL/TLS server will choose following its own 
+	///    - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the
+	///      client preferences. When not called, the SSL server will always follow the clients
+	///      preferences. When called, the SSL/TLS server will choose following its own
 	///      preferences.
 	///    - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler)
 	///      used for obtaining the passphrase for accessing the private key.
@@ -127,14 +127,14 @@ class NetSSL_API SSLManager
 	///    - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler)
 	///      used for confirming invalid certificates.
 	///    - cacheSessions (boolean): Enables or disables session caching.
-	///    - sessionIdContext (string): contains the application's unique session ID context, which becomes 
-	///      part of each session identifier generated by the server. Can be an arbitrary sequence 
+	///    - sessionIdContext (string): contains the application's unique session ID context, which becomes
+	///      part of each session identifier generated by the server. Can be an arbitrary sequence
 	///      of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. Should be specified
 	///      for a server to enable session caching. Should be specified even if session caching
 	///      is disabled to avoid problems with clients that request session caching (e.g. Firefox 3.6).
 	///      If not specified, defaults to ${application.name}.
 	///    - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of
-	///      sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too 
+	///      sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too
 	///      large for many applications, especially on embedded platforms with limited memory.
 	///      Specifying a size of 0 will set an unlimited cache size.
 	///    - sessionTimeout (integer):  Sets the timeout (in seconds) of cached sessions on the server.
@@ -149,7 +149,7 @@ class NetSSL_API SSLManager
 	///      If not specified or empty, the default parameters are used.
 	///    - ecdhCurve (string): Specifies the name of the curve to use for ECDH, based
 	///      on the curve names specified in RFC 4492. Defaults to "prime256v1".
-	///    - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version 
+	///    - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version
 	///      that this library is built against supports FIPS mode.
 {
 public:
@@ -176,7 +176,7 @@ public:
 		/// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates
 		/// must be registered with the ServerVerificationError and PrivateKeyPassphraseRequired events.
 		///
-		/// Note: Always create the handlers (or register the corresponding event delegates) before creating 
+		/// Note: Always create the handlers (or register the corresponding event delegates) before creating
 		/// the Context, as during creation of the Context the passphrase for the private key might be needed.
 		///
 		/// Valid initialization code would be:
@@ -192,7 +192,7 @@ public:
 		/// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates
 		/// must be registered with the ClientVerificationError and PrivateKeyPassphraseRequired events.
 		///
-		/// Note: Always create the handlers (or register the corresponding event delegates) before creating 
+		/// Note: Always create the handlers (or register the corresponding event delegates) before creating
 		/// the Context, as during creation of the Context the passphrase for the private key might be needed.
 		///
 		/// Valid initialization code would be:
@@ -202,13 +202,13 @@ public:
 		///     SSLManager::instance().initializeClient(pConsoleHandler, pInvalidCertHandler, pContext);
 
 	Context::Ptr defaultServerContext();
-		/// Returns the default Context used by the server. 
+		/// Returns the default Context used by the server.
 		///
 		/// Unless initializeServer() has been called, the first call to this method initializes the default Context
 		/// from the application configuration.
 
 	Context::Ptr defaultClientContext();
-		/// Returns the default Context used by the client. 
+		/// Returns the default Context used by the client.
 		///
 		/// Unless initializeClient() has been called, the first call to this method initializes the default Context
 		/// from the application configuration.
@@ -230,16 +230,16 @@ public:
 		/// If none is set, it will try to auto-initialize one from an application configuration.
 
 	PrivateKeyFactoryMgr& privateKeyFactoryMgr();
-		/// Returns the private key factory manager which stores the 
+		/// Returns the private key factory manager which stores the
 		/// factories for the different registered passphrase handlers for private keys.
 
 	CertificateHandlerFactoryMgr& certificateHandlerFactoryMgr();
-		/// Returns the CertificateHandlerFactoryMgr which stores the 
+		/// Returns the CertificateHandlerFactoryMgr which stores the
 		/// factories for the different registered certificate handlers.
 
 	static bool isFIPSEnabled();
 		// Returns true if FIPS mode is enabled, false otherwise.
-		
+
 	void shutdown();
 		/// Shuts down the SSLManager and releases the default Context
 		/// objects. After a call to shutdown(), the SSLManager can no
@@ -267,7 +267,7 @@ protected:
 		/// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate.
 		/// The request is delegated to the PrivatekeyPassword event. This method returns the
 		/// length of the password.
-		
+
 	static Poco::Util::AbstractConfiguration& appConfig();
 		/// Returns the application configuration.
 		///