From 44391f68c3c19b60c6a5e8480f60c02b46e5613c Mon Sep 17 00:00:00 2001
From: WyattBlue <wyattblue@auto-editor.com>
Date: Tue, 10 Mar 2026 01:49:24 -0400
Subject: [PATCH] Be super safe not to break FIPS

Disable openssl explicitly to make sure source builds don't
have FIPS problems. Probably overkill, but whatever.
---
 CHANGELOG.rst      | 1 +
 scripts/build-deps | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index b8f944112..e02cb1dd8 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -47,6 +47,7 @@ Fixes:
 
 - Fix :issue:`2149` by :gh-user:`WyattBlue` in (:pr:`2155`).
 - Fix packet typing based on stream and specify InputContainer.demux based on incoming stream by :gh-user:`ntjohnson1` in (:pr:`2134`).
+- Explicitly disable OpenSSL in source builds (``scripts/build-deps``) to prevent accidental OpenSSL linkage that breaks FIPS-enabled systems, addressing :issue:`1972`.
 
 v16.1.0
 -------
diff --git a/scripts/build-deps b/scripts/build-deps
index 5f32cf140..5b9a299c3 100755
--- a/scripts/build-deps
+++ b/scripts/build-deps
@@ -58,6 +58,7 @@ echo ./configure
     --disable-static \
     --disable-stripping \
     --disable-libxml2 \
+    --disable-openssl \
     --enable-debug=3 \
     --enable-gpl \
     --enable-version3 \