Vince/Igor, I fixed my config.nice problem. make and make install are went well. Now,My apache is running in the FIPS mode. The problem was a file called /usr/bin/pkg-config and I moved it to /usr/bin/pkg-config.backup and I ran the /usr/local/apache/build/config.nice under /var/tmp/httpd-2.2.25 and it was went well. I do not know the exact problem,If pkg-config was there under /usr/bin. Seems,/usr/bin/pkg-config was setting up the SSL_LIBS with few libs information and I moved /usr/bin/pkg-config to backup folder,after that config.nice was setting up the SSL_LIBS with correct information and config.nice was happy with my openssl-1.0.1e fips libs. Here is the log information; -------------------------------------------------------------------------------------------------------------------------------------------------------- [Sat Dec 14 10:25:50 2013] [notice] Operating in SSL FIPS mode[Sat Dec 14 10:25:51 2013] [warn] Init: Session Cache is not configured [hint: SSLSessionCache][Sat Dec 14 10:25:53 2013] [notice] Digest: generating secret for digest authentication ...[Sat Dec 14 10:25:53 2013] [notice] Digest: done[Sat Dec 14 10:25:53 2013] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?[Sat Dec 14 10:25:53 2013] [notice] Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e-fips configured -- resuming normal operations--------------------------------------------------------------------------------------------------------------------------------------------------- So,Guys,Thanks for all your help. Please let me know,If You have any questions or concerns. Thanks,Srinivas
Srinivasa Rao Katta(System Administrator), skatt...@hotmail.com, From: skatt...@hotmail.com To: icici...@gmail.com Subject: RE: Help Please Date: Fri, 6 Dec 2013 13:10:33 -0500 Igor, Here is the information regarding How I build the openssl 1.0.1e for fips compatible; 1. openssl-fips-ecp-2.0.3.tar.gz # cd /var/tmp/openssl-fips-2.0.3 #./config #make #make install Note:make install created a folder called fips-2.0 under /usr/local/ssl 2. Now,I compiled openssl-1.0.1e with fips option as like as follows; .Copied openssl source compressed tar file(openssl-1.0.1e.tar.gz) on to /var/tmp, .Uncompressed and Untar the above file under /var/tmp, .Changed directory to /var/tmp/openssl-1.0.1e, .I run the following cmds as a user root; #cd /var/tmp/openssl-1.0.1e #./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ no-ec2m #make #make install Note: Make install copied the all the openssl files to under /usr/local/ssl, I checked the openssl version like as follows; #cd /usr/local/ssl #cd bin #./openssl OpenSSL>version OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL>exit # --------------------------------------------------------------------------------------------- Note: I compiled above fips and openssl using gcc-4.7.2 compiler. Please let me know,If You have any questions or concerns. Thanks, Srinivas Srinivasa Rao Katta(System Administrator), skatt...@hotmail.com, From: skatt...@hotmail.com To: icici...@gmail.com Subject: RE: Help Please Date: Fri, 6 Dec 2013 06:01:27 -0500 Igor, Thanks for the response to my email. I will give you all the information,When I go to office today. Thanks, Srinivas Srinivasa Rao Katta(System Administrator), skatt...@hotmail.com, Date: Fri, 6 Dec 2013 09:00:01 +1100 Subject: Re: Help Please From: icici...@gmail.com To: skatt...@hotmail.com How did you install openssl-1.0.1e? Obviously apache is not happy about something there. On 06/12/2013 8:42 AM, "Srinivasa Rao Katta" <skatt...@hotmail.com> wrote: Hi Igor, I need your help for to fix my config.nice problem. Here is my system information; SunOS 5.10 Generic_150400-03 sun4v sparc sun4v Apache version 2.2.25 Openssl ----------- #> /usr/local/ssl/bin/openssl OpenSSL> version OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL> # cd /usr/local/ssl/lib #> ls -la total 8218 drwx------ 4 root root 6 Dec 4 18:31 . drwx------ 10 root root 11 Dec 4 18:31 .. drwx------ 2 root root 2 Dec 4 18:31 engines -rw-r--r-- 1 root root 3507800 Dec 4 18:31 libcrypto.a -rw-r--r-- 1 root root 544216 Dec 4 18:31 libssl.a drwx------ 2 root root 5 Dec 4 18:31 pkgconfig # gcc ---- # gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/local/gcc4/libexec/gcc/sparc-sun-solaris2.10/4.7.2/lto-wrapper Target: sparc-sun-solaris2.10 Configured with: ../configure --without-gnu-as --with-as=/usr/ccs/bin/as --without-gnu-ld --with-ld=/usr/ccs/bin/ld --enable-shared --enable-languages=c,c++,fortran,objc --prefix=/usr/local/gcc4 Thread model: posix gcc version 4.7.2 (GCC) #> Here is /usr/local/apache/build/config.nice information; #! /bin/sh # # Created by configure "./configure" \ "--prefix=/usr/local/apache" \ "--enable-mime-magic" \ "--enable-info" \ "--enable-imagemap" \ "--enable-speling" \ "--enable-rewrite" \ "--enable-authz-host" \ "--enable-authn-anon" \ "--enable-authn-dbm" \ "--enable-auth-digest" \ "--enable-cern-meta" \ "--enable-expires" \ "--enable-headers" \ "--enable-unique_id" \ "--enable-so" \ "--enable-ssl" \ "--with-ssl=/usr/local/ssl" \ "$@" #> I was getting following error,When I run config.nice; #/usr/local/apache/build/config.nice -------------------------------------------------------------------------------------- checking whether to enable mod_ssl... checking dependencies checking for SSL/TLS toolkit base... /usr/local/ssl adding "-I/usr/local/ssl/include" to CPPFLAGS adding "-I/usr/local/ssl/include" to INCLUDES adding "-L/usr/local/ssl/lib" to LDFLAGS adding "-R/usr/local/ssl/lib" to LDFLAGS checking for OpenSSL version... checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes OK forcing SSL_LIBS to "-lssl -lcrypto " adding "-lssl" to LIBS adding "-lcrypto" to LIBS checking openssl/engine.h usability... yes checking openssl/engine.h presence... yes checking for openssl/engine.h... yes checking for SSLeay_version... no checking for SSL_CTX_new... no checking for ENGINE_init... no checking for ENGINE_load_builtin_engines... no checking for SSL_set_cert_store... no configure: error: ... Error, SSL/TLS libraries were missing or unusable #> ---------------------------------------------------------------------------------------------------- Note:I was getting following error,When I run the /usr/local/apache/build/config.nice; configure: error: ... Error, SSL/TLS libraries were missing or unusable Note:When I copy following openssl 1.0.1c libs to /usr/local/lib,config.nice was running fine and make and make install was running fine; #> ls -la total 13872 drwx------ 2 root root 8 Dec 4 17:40 . drwxr-xr-x 10 bin bin 109 Dec 5 15:18 .. -rwx------ 1 root root 1882678 Dec 4 17:07 libcrypto.so -rwx------ 1 root root 1632892 Dec 4 17:11 libcrypto.so.0.9.8 -rwx------ 1 root root 1882678 Dec 4 17:11 libcrypto.so.1.0.0 -rwx------ 1 root root 409381 Dec 4 17:08 libssl.so -rwx------ 1 root root 302436 Dec 4 17:11 libssl.so.0.9.8 -rwx------ 1 root root 409381 Dec 4 17:11 libssl.so.1.0.0 #> I was getting following output,After done make install,if I used above libs under /usr/local/lib; [notice] Apache/2.2.25(Unix) mod_ssl/2.2.25 OpenSSL/1.0.1c configured -- resuming normal operations I want to compile the apache 2.2.25 for FIPS compatability.So,As per Google,I was used following varaiables on the server before run the config.nice; export CC=/usr/local/ssl/fips-2.0/bin/fipsld export FIPSLD_CC=gcc export LTFLAGS=--tag=CC Please advice me How I can fix following config.nice running problem; -------------------------------------------------------------------------------------------- configure: error: ... Error, SSL/TLS libraries were missing or unusable ------------------------------------------------------------------------------------------- Please find attached config.log file,Which is broken. I was done config.nice and make and make install on other Solaris zone without any problem; Please find attached config.log for working server. Please let me know,If You have any questions or concerns. Please take your own time. Thanks, Srinivas Srinivasa Rao Katta(System Administrator), skatt...@hotmail.com,