On Tue, Sep 23, 2008, The Doctor wrote: > On Tue, Sep 23, 2008 at 12:27:20PM +0200, Dr. Stephen Henson wrote: > > On Mon, Sep 22, 2008, The Doctor wrote: > > > > > > > > > > > Apart from me, anyone else tried the fipdso in their configuration > > > as extensively as I have? > > > > > > > The fipsdso option isn't terribly useful for most users. To use it you need > > a corresponding binary validated shared library installed. > > > > If you want to test the shared library build of the 1.2 test module then you > > should instead install the test 1.2 module and just use the "fips" option of > > the 0.9.8-stable branch. > > > > Steve. > > > Here is what I am using: > > > ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm > enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 > enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix="/usr/contrib" > --openssldir="/usr/contrib" debug-bsdi-x86-elf "-g -O3 -Wall -mcpu=pentium3 > "; make update > > The reason being is that fipsdso does give a wider option. >
Can you explain what you mean by "does give a wider option"? The only option end users will use in practice once the 1.2 validation is available is "fips". The options "fipsdso" and "fipscanisterbuild" are only useful for generating test versions which never will be validated. I've just fixed a typo which affects the fipsdso build and it now passes "make test" on my setup. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
