On Monday, August 12, 2013 15:00:04 Ján Osuský wrote:
> Hi,
>
> I tried to build libssh2 on FIPS 140-2 compliant RedHat Linux. The build
> succeeded but the actual connections failed during key exchange phase. I
> noticed that it was related to use of non-FIPS compliant algorithms (namely
> MD5) which are not available in libcrypto when in FIPS mode. I fixed it by
> patching "src/openssl.h". If there is a better way, let me know. Anyhow, my
> patch is attached, have fun.

Thanks for the heads up! Could you please provide more details on how you triggered the failure, what version of libssh2 you were using, and what application you were running on top of libssh2?

The patch does not seem to be right because it disables the algorithms at compile time. The decision about which algorithm to use should be postponed to run time, IMO.

Kamil
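The compile-time versus run-time distinction raised in the reply above, as an added example that is not part of the original thread and is not libssh2 code: the same binary keeps MD5-based methods on a normal host and drops them only when FIPS mode is detected at run time. The flag path `/proc/sys/crypto/fips_enabled` (Linux), the helper names `fips_enabled_at` and `filter_methods`, and the sample method list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Run-time check: 1 if the flag file starts with '1', else 0 (also if unreadable).
   Assumption: on Linux the system-wide flag is /proc/sys/crypto/fips_enabled. */
int fips_enabled_at(const char *path)
{
    FILE *f = fopen(path, "r");
    int c = f ? fgetc(f) : EOF;
    if (f) fclose(f);
    return c == '1';
}

/* Copy comma-separated `prefs` into `out`; when `fips` is set, drop every method
   whose name contains "md5". Returns methods kept, or -1 if `out` is too small. */
int filter_methods(const char *prefs, int fips, char *out, size_t outlen)
{
    size_t used = 0, i, n;
    int kept = 0, banned;
    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*prefs) {
        n = strcspn(prefs, ",");            /* length of the current method name */
        banned = 0;
        for (i = 0; fips && i + 3 <= n; i++)
            if (strncmp(prefs + i, "md5", 3) == 0) banned = 1;
        if (n > 0 && !banned) {
            if (used + n + (kept ? 1 : 0) + 1 > outlen) return -1;
            if (kept) out[used++] = ',';
            memcpy(out + used, prefs, n);
            used += n;
            out[used] = '\0';
            kept++;
        }
        prefs += n;
        if (*prefs == ',') prefs++;
    }
    return kept;
}

int main(void)
{
    char buf[128];
    /* Constructed sample list of standard SSH MAC method names. */
    const char *prefs = "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96";
    int fips = fips_enabled_at("/proc/sys/crypto/fips_enabled");
    if (filter_methods(prefs, fips, buf, sizeof buf) < 0) return 1;
    printf("fips=%d methods=%s\n", fips, buf);
    return 0;
}
```

An application built on libssh2 could hand such a filtered list to `libssh2_session_method_pref()`; whether that avoids the failure reported above depends on where the MD5 call sits, which the thread does not say.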
