It appears OpenSSL 1.0.2g introduced a regression when attempting to run 'make test' on a fips-enabled build on linux. When compiling without FIPS, the tests pass as expected. However, with fips turned on, "make test" fails when trying to use ssl2 it appears. Running 'make test' is a fairly standard practice to try to ensure there were no unexpected failures on a given platform.
1.0.2f is unaffected, as is 1.0.1r. However, 1.0.1s is also impacted. Here's the last bit from the failure: ../util/shlib_wrap.sh ./evp_extra_test PASS test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: NONE 47614155012464:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1877: 47614155012464:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1877: test ssl2 is forbidden in FIPS mode Testing was requested for a disabled protocol. Skipping tests. gmake[1]: *** [test_ssl] Error 1 gmake[1]: Leaving directory `/home/bhouse/tmp/openssl-1.0.2g/test' gmake: *** [tests] Error 2 -Brad -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
