On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote: > Back to square 2 out of 3: > > Platform: > SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10 > gcc (GCC) 3.4.6 > GNU ld version 2.17 > GNU ar 2.17 > > 1. Built fips-1.1.2 successfully > > 2. Built openssl-0.9.7m successfully with ... > ./Configure solaris-sparcv9-gcc27 fips > --with-fipslibdir=/export/home/wellingc/dudc/openssl-fips-1.1.2/fips-1.0/ > > (also tried with -shared, but no successful build) > > 3. Built modded curl executable, adding a --fips-mode option, using ... > ./configure --with-ssl=/usr/local/ssl --enable-http --disable-tftp > --disable-file --disable-ldap --disable-ldaps --disable-dict --disable-telnet > --with-ca-path=../x.dcerts --disable-ldap > > When curl executable is run from command-line with --fips-mode, get ... > SSL: 0:705134702:fips.c:212:0:error:2A07806E:FIPS > routines:FIPS_check_dso:fingerprint does not match > > I've read all "fips solaris" forum messages + others ... I thought I had this > down, but ... > a little guidance would be appreciated. >
You need to link the application using the "fipsld" script. That will correctly obtain and embed the correct signature in the target. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
