On Tue, Sep 22, 2015 at 3:51 PM, jonetsu <[email protected]> wrote: >> From: "Nikos Mavrogiannopoulos" <[email protected]> >> Date: 09/22/15 02:24 > >> In FIPS140-2 mode the library must have integrity tests, and if these >> are not present it will fail to load. You may use the environment >> variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS (set to 1), to skip these >> tests. > Thanks. OTOH, the interest is to have the test succeed. I have looked into > the INSTALL file and the user guide but did not find anything about running > integrity tests, howto setup for them, etc. In fips-test.c there is a > mention: > fprintf(stderr, > "Please note that if in FIPS140 mode, you need to assure the library's > integrity prior to running this test\n"); > How are these integrity tests run ? Is there documentation about them ?
They are run on the gnutls global initializer. There is no documentation for the FIPS140 operations. It affects too few people to make sense writing it. Unless there is someone contributing that documentation I don't think that this will change soon. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
