RussMitch wrote: > >> That's against the security policy. > > I don't care about the security policy. I just want to build openssl with > fips enabled, link to it, and pass the power up tests. Can you help? > > /Russ
Ok - I'll bite - the only possible reason for going through the pain and suffering of FIPS anything is to have a FIPS validated product at the end. The only way to have a FIPS validated product is to follow the security policy. Therefore, if you don't care about the security policy, why are you bothering with trying to compile a non-policy compliant FIPS build - the resultant library will be both brain damaged and probably useless for any validated purpose. I really can't see the point of doing 1/2 FIPS - either do it according to the security policy, or don't bother at all... to do it any way than according to the policy is to end up with something that is hard to work with, doesn't play nicely with other packages and programs, and arbitrarily doesn't work. Just my $0.02 CAD Patrick. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
