Wei: My current guess is that if all you are trying to do is get an openssl utility that is FIPS certified, then doing ./config fips make make install from inside the top level directory of openssl-fips-1.1.1 is all that is required.
If you want an openssl utility of a more recent 0.9.7 version that the one fips-1.1.1 is based on, then you would have to do a two pass build as you outlined using one of the 0.9.7 snapshots. Is that correct everyone? Chris Marshall --- Wei Weng <[EMAIL PROTECTED]> wrote: > Hi. Sorry I can not answer your question, but it seems that you are the > only one that is working on getting openssl-fips-1.1.1 to work these > days, so I had to bug you for some trivial questions. :) > > Do you think the process I had gone into making openssl-fips-1.1.1 work > is correct? (I do realize we are working on different platforms, but I > think the general procedures should be similar) > > Thanks! The following is from an email I sent the list earlier. > > Hi all. > > I want to know whether this is correct in building a FIPS capable > openSSL binaries. > download openssl-fips-1.1.1.tar.gz and openssl-0.9.7l.tar.gz, unzip them > into their own directories. > cd openssl-fips-1.1.1, do > ./config fips --prefix=/opt/fips > and make; make install is going to install fips_canister.o inside > /opt/fips/lib directory. > cd openssl-0.9.7l, do > ./config shared --with-fipslibdir=/opt/fips/lib/ > --openssldir=/opt/openssl-0.9.7l/ > and make; make install is going to put FIPS capable openssl binaries > into /opt/openssl-0.9.7l/ > > Is this correct? Thanks in advance. > > > Wei > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > > > > Wei > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
