On Fri, Feb 22, 2013, T J wrote: > > On 22/02/13 11:29, Dr. Stephen Henson wrote: > >On Fri, Feb 22, 2013, T J wrote: > > > >>Does anyone know why this warning is produced when attempting to > >>call SSL_export_keying_material()? > >> > >>I have the FIPS module linked in and I notice that the Makefile in > >>the openssl-fips-2.0 dir contains the line: > >> > >>OPTIONS= no-asm no-bf no-camellia no-cast no-ec_nistp_64_gcc_128 > >>no-gmp no-idea no-jpake no-krb5 no-md2 no-md5 no-mdc2 no-rc2 no-rc4 > >>no-rc5 no-rfc3779 no-ripemd no-seed no-srp no-ssl2 no-ssl3 no-store > >>no-tls1 *no-tlsext* no-zlib no-zlib-dynamic no-static-engine > >> > >>Really? Does this mean I can't use any tls ext functions - > >>specifically SSL_export_keying_material() - in fips mode? > >> > >The FIPS module is *NOT* OpenSSL. It is derived from a version of OpenSSL but > >it is a very minimal distribution with only enough present to build > >fipscanister.o > > > Sorry - I wasn't being clear. I'm not linking the FIPS module > directly to my app, I am using a FIPS fips capable OpenSSL (OpenSSL > base + the FIPS module) in FIPS mode. I think I am seeing this error > because OPENSSL_NO_TLSEXT is defined somewhere and the only place I > can see that occurring is in openssl-fips-2.0/Makefile by use of the > no-tlsext switch. >
The SSL_export_keying_material function is only present in the unreleased OpenSSL 1.0.2, were you trying to call it from OpenSSL 1.0.1? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
