On 20/02/2014 00:24, Tom Browder wrote: > On Wed, Feb 19, 2014 at 7:09 PM, Dr Stephen Henson > <[email protected]> wrote: >> On 19/02/2014 23:54, Tom Browder wrote: >>> On Wed, Feb 19, 2014 at 11:21 AM, Tom Browder <[email protected]> wrote: >>>> On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson >>>> <[email protected]> wrote: >>>>> On 19/02/2014 15:08, Tom Browder wrote: >>>>>> I configured httpd-2.4.7 successfully to use mod_ssl: >>>>>> >>>>>> ... >>>>> That could be user error. The path /usr/local/ssl/fips-2.0 is the default >>>>> install location of the FIPS module which isn't a complete version of >>>>> OpenSSL. >>>>> It should point to the location the FIPS capable OpenSSL is installed >>>>> instead. >>>> >>>> Hm, I thought I tried that but I'll recheck and configure with: >>>> >>>> --with-ssl=/usr/local/ssl >>> >>> Bummer! >>> >>> When I did that, I get this: >>> >>> checking for OpenSSL... checking for user-provided OpenSSL base > .. >>> checking for OpenSSL version >= 0.9.7... OK > >> Well something is wrong there with it indicating OpenSSL version 0.9.7. If >> you >> intend to use the FIPS 2.0 module you must use OpenSSL 1.0.1. > > That doesn't mean its using 0.9.7. As a matter of fact my Debian > installed OpenSSL is 1.0.1e, and Im trying to use 1.0.1.f FIPS. > > But now I get a failure to build Apache: > > /usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_free': > c_zlib.c:(.text+0x4d): undefined reference to `inflateEnd' > c_zlib.c:(.text+0x69): undefined reference to `deflateEnd' > /usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_ctrl': > c_zlib.c:(.text+0x24e): undefined reference to `deflate' > c_zlib.c:(.text+0x338): undefined reference to `zError' > > So should I just kiss off Open SSL FIPS and Apache? >
What options did you use to configure OpenSSL? That looks like it has been configured to use a static link to zlib. Do you need zlib support? Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 [email protected]
