On Fri, May 11, 2012, Bill Reister wrote: > Hi all, noobie here. No experience with Linux compiling, and having some > issues trying to get a validated FIPS compatible build. > > Using Ubuntu 12.04, fresh install. By default it already has GNU C and GPG > installed, that part all worked fine. > > I followed the instructions verbatim from the OpenSSL FIPS Object Module FIPS > 140-2 User Guide (http://www.openssl.org/docs/fips/UserGuide-1.2.pdf). > However, when I was finished with the second make install there were two > separate installations of openssl (one in /usr/local/ssl/fips-1.0 and another > in /usr/local/ssl/fips). I tried the command line instructions to verify the > build I found from Oracle: > > $ export LD_LIBRARY_PATH=/lib/openssl/fips-1.0 > $ export OPENSSL_FIPS=1 > $ openssl version > FIPS mode not supported > > ... and tried again with the lib path /usr/local/ssl/fips and same results. >
If you built statically then the binary openssl utility in /usr/local/ssl/fips/bin is the one you need to call, either give it the full path name or place it on your PATH variable. If not try setting LD_LIBRARY_PATH to /usr/local/ssl/fips/lib first. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org