You must download the openssl-fips.1.2.0.tar.gz package, and follow the instructions in the companion Security Policy *precisely*. That is the only package that can build a fipscanister.o.
Once the fipscanister.o exists and is installed properly, then you can build with the fips option. Not before. And to fix the fips problem in your source tree: 'make clean' -Kyle H On Wed, Jan 13, 2010 at 6:16 PM, Charles Belov <docor...@sonic.net> wrote: > I attempted to build openssl using the FreeBSD port of openssl. > > Options are set using "make config" as follows: > > Options for openssl 0.9.8l_2 > [ ] I386 Use optimzed assembler for 80386 > [X] SSE2 Use runtime SSE2 detection > [X] ZLIB Build with zlib compression > > and the Makefile shows > > PORTVERSION= 0.9.8l > PORTREVISION= 2 > > Whe I tried to "make" this a few days ago, I believe there were two > additional options: FIPS and SCTP. I tried selecting SCTP, it didn't work, > then I tried selecting FIPS, and got the error: > > (after "making all in crypto/pqueue...") > > making all in fips... > make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o. > Stop > *** Error code 2 > > Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l/fips. > *** Error code 1 > > Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l. > *** Error code 1 > > Stop in /ports/security/openssl. > *** Error code 1 > > thus killing the make. I set it aside at that time, then came back to it > today. Even after doing the "make config" I continue to get the > fips-related errors. > > I see from the FreeBSD ports Web site that there was in fact a Makefile > revision 1.161 yesterday to remove FIPS and SCTP support. So I'm guessing > that this is why I no longer see FIPS and SCTP as options. But it also > seems that make is holding on to my prior setting of the FIPS option. > > So, my question is, how do I obliterate this obsolete option, so that I can > make openssl without the FIPS error? > > Thank you, > Charles Belov > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
