On 10/13/2010 7:22 PM, Bill Durant wrote: > > On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote: >> On 10/13/2010 3:31 PM, Bill Durant wrote: >>> >>> I am interested in building the static version of the FIPS-capable OpenSSL >>> as an universal >>> binary. >> >> Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to >> the security policy. >> >> Then it's possible but non-trivial to integrate these three components into >> any OpenSSL you would like to invent. > > Thanks. That is exactly the approach that I am currently taking (will use > lipo(1) to > aggregate the FIPS-capable OpenSSL static libs to see if that works)...
That may not be sufficient, can ldfips be modified(?), it's certainly needed to link static to the fips canister. I'd put your energies into building a dylib which would give you a smidge more flexibility. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org