when i am using make CC=fipsld FIPSLD_CC=gcc , i am getting error message
if test ! -z ""; then /.../
austin.ibm.com/fs/projects/aix/aix53L/53L_SERVICE/ode_tools/power/usr/bin/perl./fixprogs
ssh_prng_cmds ; fi
(cd openbsd-compat && make)
/gsa/ausgsa/projects/o/openssh/fipsssl/lib/fipsld -g -qnostdinc
-qnolm -I. -I.. -I. -I./.. -I/gsa/ausgsa/projects/o/openssh/fipsssl/include
-I/gsa/ausgsa/projects/o/openssh/zlib-1.2.3 -I
/gsa/ausgsa/projects/k/kerberos/build/krb514/current/export/rios_aix_4/usr/include
-I/.../
austin.ibm.com/fs/projects/aix/aix53L/53L_SERVICE/export/power/usr/include/-I/.../
austin.ibm.com/fs/projects/aix/aix53L/53L_SERVICE/export/power/usr/include/sys-I/gsa/ausgsa/projects/o/openssh/include
-DHAVE_CONFIG_H -c bsd-arc4random.c
gcc: unrecognized option `-qnostdinc'
gcc: unrecognized option `-qnolm'
(E) Message system initialization, unable to open catalogs:
xlCfe.cat, /usr/ccs/lib/exe/default_msg/xlCfe.cat.
1506-005: (E) Error in message set 12, unable to retrieve message 173.
1506-005: (E) Error in message set 12, unable to retrieve message 155.
1506-005: (E) Error in message set 12, unable to retrieve message 173.
1506-005: (E) Error in message set 12, unable to retrieve message 297.
1506-005: (E) Error in message set 12, unable to retrieve message 312.
make: The error code from the last command is 1.
Can u please help me
Thanks
Joshi
On Tue, Sep 23, 2008 at 5:31 AM, Welling, Conrad Gerhart <
[EMAIL PROTECTED]> wrote:
> Dr. Henson:
>
> Thanks for your quick response and your patience. Sometimes I have a way
> of trying to make things so much harder than they need to be. I reread page
> 33 of the OFOM User Guide ...
>
> "The fipsld command requires that the CC and/or FIPSLD_CC environment
> variables be set, with the latter taking precedence. These variables allow a
> typical Makefile to be used without modification by specifying a command of
> the form
>
> make CC=fipsld FIPSLD_CC=gcc
>
> where fipsld is invoked by make in lieu of the original compiler and linker
> (gcc in this
> example), and in turn invokes that compiler where appropriate."
>
> So, I stopped trying to edit the curl Makefiles and, instead, actually
> tried doing exactly what Steve Marquess says to do in the OFOM User Guide
> (along with copying fipsld into the necessary curl source directories and
> telling make where to find openssl). Of course, my FIPS-capable curl built
> successfully.
>
> Thanks again.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
> Sent: Monday, September 22, 2008 3:44 AM
> To: openssl-users@openssl.org
> Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does not match
>
>
> On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
>
> > Back to square 2 out of 3:
> >
> > Platform:
> > SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10
> > gcc (GCC) 3.4.6
> > GNU ld version 2.17
> > GNU ar 2.17
> >
> > 1. Built fips-1.1.2 successfully
> >
> > 2. Built openssl-0.9.7m successfully with ...
> > ./Configure solaris-sparcv9-gcc27 fips
> --with-fipslibdir=/export/home/wellingc/dudc/openssl-fips-1.1.2/fips-1.0/
> >
> > (also tried with -shared, but no successful build)
> >
> > 3. Built modded curl executable, adding a --fips-mode option, using ...
> > ./configure --with-ssl=/usr/local/ssl --enable-http --disable-tftp
> --disable-file --disable-ldap --disable-ldaps --disable-dict
> --disable-telnet --with-ca-path=../x.dcerts --disable-ldap
> >
> > When curl executable is run from command-line with --fips-mode, get ...
> > SSL: 0:705134702:fips.c:212:0:error:2A07806E:FIPS
> routines:FIPS_check_dso:fingerprint does not match
> >
> > I've read all "fips solaris" forum messages + others ... I thought I had
> this down, but ...
> > a little guidance would be appreciated.
> >
>
> You need to link the application using the "fipsld" script. That will
> correctly obtain and embed the correct signature in the target.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
--
Regards
Joshi Chandran
