Keith Theman wrote:
> I am not understanding the relationship and process between building
> the fipscanister and openssl....
>
> If I understand correctly, you first build the fipscanister version
> of openssl (?) ..... then what?

See discussion of the "FIPS capable" OpenSSL in the User Guide,
http://openssl.org/docs/fips/UserGuide.pdf.  The thing that is validated
is *not* "OpenSSL", it is a different beast, the "OpenSSL FIPS Object
Module".

> http://www.openssl.org/source/openssl-fips-1.2.2.tar.gz
>
> ./config fipscanisterbuild --prefix=/u01/fipsssl --openssldir=/u01/openssl

That command is a no-no, unless you're just playing around with the code
and have no intention to use the result.  Arbitrary runtime options are
not allowed when building a validated module, as clearly documented in
the Security Policy document that describes the necessary steps for
building a validated module:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1051.pdf.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
