Chris: Thanks for the reply.
Here is the thing I want: I need to build a openssl library that is fips
capable so that I can link libcurl against the library, since libcurl
uses openssl library to do the decode/encode stuff.
I am guessing that I will need to build my own openssl library that
linked against FIPS module.
Is that right?
Thanks
Wei
Christopher Marshall wrote:
Wei:
My current guess is that if all you are trying to do is get an openssl utility
that is FIPS
certified, then doing
./config fips
make
make install
from inside the top level directory of openssl-fips-1.1.1 is all that is
required.
If you want an openssl utility of a more recent 0.9.7 version that the one
fips-1.1.1 is based on,
then you would have to do a two pass build as you outlined using one of the
0.9.7 snapshots.
Is that correct everyone?
Chris Marshall
--- Wei Weng <[EMAIL PROTECTED]> wrote:
Hi. Sorry I can not answer your question, but it seems that you are the
only one that is working on getting openssl-fips-1.1.1 to work these
days, so I had to bug you for some trivial questions. :)
Do you think the process I had gone into making openssl-fips-1.1.1 work
is correct? (I do realize we are working on different platforms, but I
think the general procedures should be similar)
Thanks! The following is from an email I sent the list earlier.
Hi all.
I want to know whether this is correct in building a FIPS capable
openSSL binaries.
download openssl-fips-1.1.1.tar.gz and openssl-0.9.7l.tar.gz, unzip them
into their own directories.
cd openssl-fips-1.1.1, do
./config fips --prefix=/opt/fips
and make; make install is going to install fips_canister.o inside
/opt/fips/lib directory.
cd openssl-0.9.7l, do
./config shared --with-fipslibdir=/opt/fips/lib/
--openssldir=/opt/openssl-0.9.7l/
and make; make install is going to put FIPS capable openssl binaries
into /opt/openssl-0.9.7l/
Is this correct? Thanks in advance.
Wei
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Wei
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
