Hi Vladimir, FreeRDP does not access FIPS related functions of OpenSSL.
It first checks with a call to FIPS_mode (which is available from version 1.0.1) if it is enabled. If your compile is failing, best check which version is detected and if the includes match the library found. (Both can be found in the CMakeCache.txt file generated, OPENSSL_INCLUDE_DIR and OPENSSL_SSL_LIBRARY) best Armin On 05/16/2018 10:17 AM, Vladimir via FreeRDP-devel wrote: > Greetings to all! > > I was trying to compile xFreeRdp on macOS following the instructions > here https://github.com/FreeRDP/FreeRDP/wiki/Compilation and have problems. > > Apple don't provide openssl on Mac anymore, and so we need to install it > from brew or from macports. But! Currently FreeRDP tries to access > "FIPS" extensions in openssl when on linking stage, and as I can say > after some research - nor homebrew nor macports provides opeenssl with > FIPS extensions, just openssl without FIPS. > > Even more, I was reading that openssl project don't recommend/provide to > enable/compile FIPS on macOS system - in their PDF document macOS was > not in list of systems that could use FIPS. > (Sorry for not exact terms, I don't understand the details yet, just > common things regarding this FIPS and openssl on mac) > > So, could you recommend the workaround for this situation? Can I somehow > disable using of "FIPS" in FreeRDP so "usual" openssl could be used to > build? > > If so, will that break some compatibility with Microsoft RDP server on > Windows? > > If we really need FIPS in FreeRDP but openssl don't provide/recommed/etc > FIPS on macOS platform - what we can do? > > I saw that you are trying to create/use your own encryption layer which > will internally use different "backends" like openssl or other system. > Is there any progress in using Apples's native encryption libs instead > of openssl on mac(& ios?) platform? I assume this will be a real > "solution" for the issue. Any starting point to look at this? > > I appreciate any comment on this or even simple link to help me move > forward on this problem. > > Vladimir. > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > FreeRDP-devel mailing list > FreeRDP-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/freerdp-devel ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ FreeRDP-devel mailing list FreeRDP-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freerdp-devel
