You must download the openssl-fips.1.2.0.tar.gz package, and follow
the instructions in the companion Security Policy *precisely*. That
is the only package that can build a fipscanister.o.
Once the fipscanister.o exists and is installed properly, then you can
build with the fips option. Not before.
And to fix the fips problem in your source tree: 'make clean'
-Kyle H
On Wed, Jan 13, 2010 at 6:16 PM, Charles Belov docor...@sonic.net wrote:
I attempted to build openssl using the FreeBSD port of openssl.
Options are set using make config as follows:
Options for openssl 0.9.8l_2
[ ] I386 Use optimzed assembler for 80386
[X] SSE2 Use runtime SSE2 detection
[X] ZLIB Build with zlib compression
and the Makefile shows
PORTVERSION= 0.9.8l
PORTREVISION= 2
When I tried to make this a few days ago, I believe there were two
additional options: FIPS and SCTP. I tried selecting SCTP, it didn't work,
then I tried selecting FIPS, and got the error:
(after making all in crypto/pqueue...)
making all in fips...
make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o. Stop
*** Error code 2
Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l/fips.
*** Error code 1
Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l.
*** Error code 1
Stop in /ports/security/openssl.
*** Error code 1
thus killing the make. I set it aside at that time, then came back to it
today. Even after doing the make config I continue to get the
fips-related errors.
I see from the FreeBSD ports Web site that there was in fact a Makefile
revision 1.161 yesterday to remove FIPS and SCTP support. So I'm guessing
that this is why I no longer see FIPS and SCTP as options. But it also
seems that make is holding on to my prior setting of the FIPS option.
So, my question is, how do I obliterate this obsolete option, so that I can
make openssl without the FIPS error?
Thank you,
Charles Belov
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-us...@openssl.org
Automated List Manager majord...@openssl.org