Anyone had a chance to look at this? I would really appreciate any help someone offers.
Thanks, -- Peter Barton NetProtec -------- Original Message -------- Subject: OpenSSL FIPS 140-2 Compliant From: <pbar...@netprotec.com> Date: Sat, July 26, 2014 10:15 am To: openssl-users@openssl.org I am attempting to compile a current version of OpenVPN against an OpenSSL-1.0.1h source that I compiled calling the OpenSSL-fips-2.0.5 module. I created libssl.a and libcrypto.a and I have been trying, unsuccessfully, to compile the OpenVPN-2.3.4 calling these libraries. I am far from an expert in doing this so I was wondering if anyone else could help me with this? My lack of expertise in this is most likely the problem, but here is what I have done so far. I have added a direct call to fips_mode_set() in the following file, openvpn.c, openvpnapi.c, crypto.c and ssl.c #ifdef OPENSSL_FIPS if(options.no_fips <= 0) { if(!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); exit(1); } else fprintf(stderr,"*** IN FIPS MODE ***\n"); } #endif I then ran ./configure OPENSSL_FIPS=1 as well as set an environment variable of OPENSSL_FIPS=1 Once the configure script finished I ran: make CC=fipsld FIPSLD_CC=gcc the make ran for quite a while then errored out with the following: /bin/bash ../../libtool --tag=CC --mode=link fipsld -g -O2 -o openvpn base64.o buffer.o clinat.o crypto.o crypto_openssl.o crypto_polarssl.o dhcp.o error.o event.o fdmisc.o forward.o fragment.o gremlin.o helper.o httpdigest.o lladdr.o init.o interval.o list.o lzo.o manage.o mbuf.o misc.o platform.o console.o mroute.o mss.o mstats.o mtcp.o mtu.o mudp.o multi.o ntlm.o occ.o pkcs11.o pkcs11_openssl.o pkcs11_polarssl.o openvpn.o options.o otime.o packet_id.o perf.o pf.o ping.o plugin.o pool.o proto.o proxy.o ps.o push.o reliable.o route.o schedule.o session_id.o shaper.o sig.o socket.o socks.o ssl.o ssl_openssl.o ssl_polarssl.o ssl_verify.o ssl_verify_openssl.o ssl_verify_polarssl.o status.o tun.o win32.o cryptoapi.o ../../src/compat/libcompat.la -lnsl -lresolv -llzo2 -lssl -lcrypto -ldl libtool: link: fipsld -g -O2 -o openvpn base64.o buffer.o clinat.o crypto.o crypto_openssl.o crypto_polarssl.o dhcp.o error.o event.o fdmisc.o forward.o fragment.o gremlin.o helper.o httpdigest.o lladdr.o init.o interval.o list.o lzo.o manage.o mbuf.o misc.o platform.o console.o mroute.o mss.o mstats.o mtcp.o mtu.o mudp.o multi.o ntlm.o occ.o pkcs11.o pkcs11_openssl.o pkcs11_polarssl.o openvpn.o options.o otime.o packet_id.o perf.o pf.o ping.o plugin.o pool.o proto.o proxy.o ps.o push.o reliable.o route.o schedule.o session_id.o shaper.o sig.o socket.o socks.o ssl.o ssl_openssl.o ssl_polarssl.o ssl_verify.o ssl_verify_openssl.o ssl_verify_polarssl.o status.o tun.o win32.o cryptoapi.o ../../src/compat/.libs/libcompat.a -lnsl -lresolv -llzo2 -lssl -lcrypto -ldl diff: .sha1: No such file or directory No such file or directory fingerprint mismatch make[3]: *** [openvpn] Error 1 make[3]: Leaving directory `/usr/local/src/openvpn-2.3.2/src/openvpn' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/local/src/openvpn-2.3.2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/openvpn-2.3.2' make: *** [all] Error 2 I have asked this same question in the OpenVPN-dev email list but since this error only happens when I make using the CC=fipsld option I figured I would ask here as well. I hope this is not overly verbose, but I believe it is all relevant. If someone can help me out with the error and let me know if I am on the correct path I would really appreciate it. Thank you, -- Peter Barton NetProtec ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org