On Fri, Dec 12, 2008, Collins, Jerry wrote: > Hello, > I'm having a problem with the fipsld script when trying to line the > fips-1.2 libraries to my programs. This is on a Sun UNIX system. > > My problem is during the fingerprint validation. The reference sha1 > files, built at the time of the build of the rest of the library have > the filename with no path in them. When I'm building my executables, > the output from the fips_standalone_sha1 executable includes the > relative path for the file being fingerprinted, making the result not > match the reference file. > > Can I modify the fipsld file and maintain fips validation? Can I > modify the sha1 output files from the build to have the correct relative > path and maintain fips validation? Does anyone have any other > suggestions? >
Your easiest option would be to use shared libraries then you can avoid the use of fipsld entirely. I'm not sure how you are getting that problem from your description. The 0.9.8-stable branch uses those files with no problems. The fipsld script itself is not part of the validation but the process mentioned in the security policy must be adhered to if you use an alternative method. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
