Dr. Stephen Henson
Thu, 11 Mar 2010 11:33:11 -0800
On Thu, Mar 11, 2010, Adam Grossman wrote: > hello, > > i just built fips 1.2, and then built a FIPs capable OpenSSL 0.9.8l as a > shared lib. I then took my application, added in FIPS_mode_set(1), and > it passed. But then i realized i did not switch over in my make file to > use "CC=fipsld" It still used "CC=gcc -fPIC". > > Is the reason why it worked is perhaps OpenSSL compiled with fipsld, > therefore i do not need to use it in my application? i just want to > make sure i understand the role of the fipsld in case i am getting a > false positive... >
Yes if you link to a FIPS capable shared library you don't need to use fipsld: the integrity signature is embedded in the shared library itself. If you linked a static application you would need fipsld. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org