On 22/02/13 11:29, Dr. Stephen Henson wrote:
> On Fri, Feb 22, 2013, T J wrote:
>
>> Does anyone know why this warning is produced when attempting to
>> call SSL_export_keying_material()?
>>
>> I have the FIPS module linked in and I notice that the Makefile in
>> the openssl-fips-2.0 dir contains the line:
>>
>> OPTIONS= no-asm no-bf no-camellia no-cast no-ec_nistp_64_gcc_128
>> no-gmp no-idea no-jpake no-krb5 no-md2 no-md5 no-mdc2 no-rc2 no-rc4
>> no-rc5 no-rfc3779 no-ripemd no-seed no-srp no-ssl2 no-ssl3 no-store
>> no-tls1 *no-tlsext* no-zlib no-zlib-dynamic no-static-engine
>>
>> Really? Does this mean I can't use any tls ext functions -
>> specifically SSL_export_keying_material() - in fips mode?
>
> The FIPS module is *NOT* OpenSSL. It is derived from a version of OpenSSL but
> it is a very minimal distribution with only enough present to build
> fipscanister.o

Sorry - I wasn't being clear. I'm not linking the FIPS module directly to my app, I am using a FIPS capable OpenSSL (OpenSSL base + the FIPS module) in FIPS mode. I think I am seeing this error because OPENSSL_NO_TLSEXT is defined somewhere and the only place I can see that occurring is in openssl-fips-2.0/Makefile by use of the no-tlsext switch.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org