Second, it doesn't describe which version of the OpenSSL API that the
newly-validated module supports. (in this case, it supports v0.9.8
(and requires 0.9.8i onward), but I dunno about 0.9.7?) Providing
compatibility with a version bump in the API is significant enough
that it should be called out in the press release.
It is 0.9.8j onward which hasn't been released yet but it will be in the next
few days. In the meantime a 0.9.8 snapshot needs to be used.
FYI, I pulled the 0.9.8 stable CVS branch this afternoon to test fips
and had jpake compilation issues (missing jpake.h header file, removing
the Makefile references resolved the build issue). Hopefully that is
fixed before 0.9.8j release.
Also, I didn't see an updated Users Guide for v1.2, so I hope
the build is pretty much the same as v1.1.x:
./config --with-fipslibdir=<wherever> fips
Finally, I'm getting X509_V_ERR_CERT_SIGNATURE_FAILURE errors when in
fips mode during SSL negotiation, but the same binary, simply telling
it via a config setting not to enter fips mode, works fine. This
is to ssl3.vitalps.net:5003, specifically, but I don't have any reason
to believe other addresses would be different. This was with the
resultant 0.9.8j-pre CVS release compiled against the fipscanister from
v1.2, haven't tried with the v1.2-generated library directly.
Just thought I'd pass that on since people were already in discussion
here to see if anyone else has had similar issues. I've yet to actually
debug it further, need to write a test case to see if it occurs there
first or somehow my fault in some other way ;)
-Brad
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
