Is it possible to build a "debuggable" version of the canister (eg does not fail the fingerprint test)?
Thanks, Woody Dr. Stephen Henson wrote on 02/27/2012 03:04 PM: > > On Mon, Feb 27, 2012, gatewood_gr...@mcafee.com wrote: > > > Even without linking the canister (not using fipsld), if I use the FIPS > > includes, RAND_status() fails. According to nm, the RAND_status is > > still redirected to FIPS_rand_status. > > > > > > Ah you're including the FIPS module header files if that happens. The > function > RAND_status() should stay as RAND_status() when building against the FIPS > capapable OpenSSL. > > Try specifying the path to the FIPS capable OpenSSL header install > location > first so they are used in preference to the module header files. In > fact you > can delete everything apart from fips.h and fips_rand.h from the module > install of header files. > > Also use the FIPSDIR environment variable instead of specifying any > options fo > ./config for the module, you can also use that instead of the --with-fips* > options when you build the FIPS capable OpenSSL. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Gatewood Green Principal Software Engineer NitroSecurity, now part of McAfee o: 2085528269 c: 2082067455 e: gatewood_gr...@mcafee.com w: http://www.nitrosecurity.com/ Imagine, if you will, a world in which there are no hypothetical situations...
signature.asc
Description: OpenPGP digital signature
