Hi all, noobie here. No experience with Linux compiling, and having some issues trying to get a validated FIPS compatible build.
Using Ubuntu 12.04, fresh install. By default it already has GNU C and GPG installed, that part all worked fine. I followed the instructions verbatim from the OpenSSL FIPS Object Module FIPS 140-2 User Guide (http://www.openssl.org/docs/fips/UserGuide-1.2.pdf). However, when I was finished with the second make install there were two separate installations of openssl (one in /usr/local/ssl/fips-1.0 and another in /usr/local/ssl/fips). I tried the command line instructions to verify the build I found from Oracle: $ export LD_LIBRARY_PATH=/lib/openssl/fips-1.0 $ export OPENSSL_FIPS=1 $ openssl version FIPS mode not supported ... and tried again with the lib path /usr/local/ssl/fips and same results. Questions: - How do I uninstall this mess and start again? - The user guide says to start with the specific distribution found at http://www.openssl.org/source/opensslfips1.2.tar.gz, but I notice there are newer versions with the name "FIPS" in them. o I used 1.2.3, which "looked most current." Was that incorrect? Which is correct? - They say to use of a newer version of OpenSSL (0.9.8.j+) for linking, but not to use versions above 1.0 (I tried 0.9.8x). o Is this still correct? o Was the version I used "part of my problem?" - Is there a simpler checklist to get a validated install built? Thanks in advance for your help! ____________________________ Bill Reister
