Thanks Dr. Henson, yeah the 0.9.8k version works perfectly. sorry I made the mistake about the environment variable, should be OPENSSL_FIPS rather than FIPS_MODE.
But I am still stuck at problem 2, while in fips mode, the TlsServer will exit with the error message as long as a client trying connecting. I confirm both the client and server have set a FIPS-valid cipher list. The problem may due to the certificate I use. However, I wonder if there is any way to catch and detemine the error rather than have the program exit? Thanks. Peter Lin On Thu, Jun 25, 2009 at 5:44 PM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Thu, Jun 25, 2009, Peter Lin wrote: > > > Hi all, > > > > problem 1: > > > > I compiled the binary openssl from FIPS Object Module v1.2. However, I > got > > "illegal instruction" when I try to use "openssl req" command, regardless > > FIPS_MODE set to 1 or 0. > > My program got the same error if linking to the FIPS static library. The > > bombing place is while executing PEM_read_bio_X509(). > > > > Don't use the version of OpenSSL that came with the 1.2 module, link the > module against OpenSSL 0.9.8k. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
