On 04/16/2012 04:41 PM, Simon Convey wrote: > Dear all, > ( On a Linux 2.6.32 x86_64 ) I'm trying to build a > FIPS 2 openssl When I configure the fips code, config spits out as > warning.... > ... > > WARNING: OpenSSL has been configured using unsupported option(s) to internally > generate a fipscanister.o object module for TESTING PURPOSES ONLY; ... > > I *assume* that the warning is because we are using test software, > rather than configuration problems ? > And that the correct procedure is just "./config" rather than > "./config fipcanisteronly", which the README.FIPS suggests ? > > Secondly, once fipscansiter is built, ( and installed to > /usr/local/ssl/fips-2.0 ), I should be using ... > > #cd openssl-1.0.1 > #./config fips shared ( I want fipscanister in libcrypto.so.1 ) > > Is it ok to use fipscanister inside libcrypto this way ?
Yes to all three questions. The validation is still pending for the 2.0 module (we're engaged in an extended dialog about the precise process used to verify the source tarball). Once a validated module is properly generated you are free to use it with any application, including an OpenSSL shared library. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
