Yes, I know it sounds crazy. Our product has historically linked everything statically into one giant executable and also one medium size shared library for customer linking. What I need to do is statically link in the FIPS capable libraries into a dynamic library, in this case on a .so (on windows we use shared libraries all over, only on unix are we all static, don't ask, it was done long before I was involved).
Looking at fipsld there is a case where it detects that it is building the OpenSSL shared libraries. I tried using that as a starting point but was quickly confused when I noticed that it starts off removing fipscanister.o from libcrypto.a. I though I would give it a shot without doing that, but fips_premain_dso complains that the hashes don't match. Is what I need to do possible in the confines of the security policy? Do I need to follow the steps that the OpenSSL shared libs do in fipsld? Thanks in advance, Jake ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]