On Wed, Jan 07, 2009, Dan Mitton via RT wrote: > While trying to 'make' openssl-fips-1.2, I get the following error: > > unable to find /usr/local/ssl/lib/fips-1.0/fipscanister.o > > The only source files resembling the needed one are: > > ./openssl-0.9.8j/fips/fips_canister.c > ./openssl-fips-1.2/fips/fips_canister.c > > The command I used to configure the make is: > > ./config shared zlib-dynamic --prefix=/usr/local/ssl-fips-1.2 > --openssldir=/usr/local/ssl-fips-1.2 > > This is on a Sun Solaris system: > > SunOS nessie 5.9 Generic_122300-16 sun4u sparc SUNW,Sun-Blade-1000 Solaris > > Also, in a note from Dr. Stephen Henson, it was mentioned that for > openssl-0.9.8j : > > This is the first full release of OpenSSL that can link against the > validated FIPS module version 1.2 > > but there is no mention in either of the INSTALL files (openssl-0.9.8j nor > openssl-fips-1.2) on how to do this. >
OpenSSL must be built and used in a manner consistent with the security policy in order to be compliant with FIPS 140-2. See: http://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf User level instructions are available at: http://www.openssl.org/docs/fips/UserGuide-1.2.pdf Do not send support queries to the request tracker, they should go to openssl-users. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
