On Wed, Feb 19, 2014 at 7:09 PM, Dr Stephen Henson <[email protected]> wrote: > On 19/02/2014 23:54, Tom Browder wrote: >> On Wed, Feb 19, 2014 at 11:21 AM, Tom Browder <[email protected]> wrote: >>> On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson >>> <[email protected]> wrote: >>>> On 19/02/2014 15:08, Tom Browder wrote: >>>>> I configured httpd-2.4.7 successfully to use mod_ssl: >>>>> >>>>> ... >>>> That could be user error. The path /usr/local/ssl/fips-2.0 is the default >>>> install location of the FIPS module which isn't a complete version of >>>> OpenSSL. >>>> It should point to the location the FIPS capable OpenSSL is installed >>>> instead. >>> >>> Hm, I thought I tried that but I'll recheck and configure with: >>> >>> --with-ssl=/usr/local/ssl >> >> Bummer! >> >> When I did that, I get this: >> >> checking for OpenSSL... checking for user-provided OpenSSL base .. >> checking for OpenSSL version >= 0.9.7... OK
> Well something is wrong there with it indicating OpenSSL version 0.9.7. If you > intend to use the FIPS 2.0 module you must use OpenSSL 1.0.1. That doesn't mean its using 0.9.7. As a matter of fact my Debian installed OpenSSL is 1.0.1e, and Im trying to use 1.0.1.f FIPS. But now I get a failure to build Apache: /usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_free': c_zlib.c:(.text+0x4d): undefined reference to `inflateEnd' c_zlib.c:(.text+0x69): undefined reference to `deflateEnd' /usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_ctrl': c_zlib.c:(.text+0x24e): undefined reference to `deflate' c_zlib.c:(.text+0x338): undefined reference to `zError' So should I just kiss off Open SSL FIPS and Apache? -Tom
