On Thu, Oct 16, 2014, Russell Selph wrote:

> Thanks. We're going ahead with patching 0.9.8zc to ignore this test. I'm
> not sure if it's the "right" solution, but given that 0.9.8 is EOL, and
> therefore FIPS 1.2.4 is VERY unlikely to ever be updated, would it be
> reasonable to have 0.9.8 disable this test when doing a FIPS build?
>

It will never be updated. Fixing it would at least require a change letter for
obsolete code and I suspect the labs wouldn't be able to approve a change to
something that old. Changing BN might be considered "security sensitive" which
would mean even that ridiculously unlikely route would be impossible.

> I only ask this because our customers are not generally comfortable with
> statements like "You can't have FIPS any more," or "It passes all the tests
> but one." I'd be happy to put together the patch to accomplish this, if it
> could be incorporated into the trunk for 0.9.8.
>

No need. I'm looking into it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org