RE: Help building FIPS openssl (suitable for apache)

2011-06-13 Thread Sam Theman

But can you confirm that my process for building FIPS OpenSSL is correct? I 
downloaded openssl 1.2.3, then ran config fipscanisterbuild, make/make 
install, then I can config fips 
-with-fipslibdir=/usr/local/ssl/fips1.2.3/lib, make/make install. Is this 
right?

 Date: Sun, 12 Jun 2011 04:10:39 +0200
 From: st...@openssl.org
 To: openssl-users@openssl.org
 Subject: Re: Help building FIPS openssl  (suitable for apache)
 
 On Fri, Jun 10, 2011, Sam Theman wrote:
 
  
  Hello,
  
  First off, I AM trying to follow the FIPS/OPENSSL user guide
  
  What am I doing wrong:
  
  1.)  downloaded fips openssl 1.2.3
  
  2) ./config fipscanisterbuild
  make
  make install
  
  
  3.)   ./config fips  --with-fipslibdir=/usr/local/ssl/fips1.2.3/lib
  make
  make install
  
  
  4) build apache with 
  
   ./configure --prefix=/usr/local/apache2.2.19 
  --with-ssl=/usr/local/ssl/fips1.2.3 --with-mpm=prefork --with-ldap  
  --enable-ssl --enable-dav --enable-dav-fs --enable-dav-lock 
  --enable-authnz-ldap --enable-ldap
  
  
  5. Error:
  
  [root]# ./apachectl start
  Syntax error on line 1 of /usr/local/apache2.2.19/conf/extra/httpd-ssl.conf:
  SSLFIPS invalid, rebuild httpd and openssl compiled for FIPS
  

 
 Looks like Apache isn't seeing the correct header files and not including the
 appropriate FIPS code. That's an Apache configuration issue and not OpenSSL.
 
 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List   openssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
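
A way to test the diagnosis quoted above, as an added example that is not part of the thread or of either project: it reports which OpenSSL headers a build given a `--with-ssl` prefix would pick up, and whether they came from a FIPS-enabled configure. It assumes mod_ssl compiles in `SSLFIPS` support only when the OpenSSL headers it is built against define `OPENSSL_FIPS`; the function names and the fallback directories `/usr/local/include` and `/usr/include` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): find which OpenSSL headers a build
# would pick up and whether they were generated by a FIPS-enabled configure.

# True if FILE contains an active "#define OPENSSL_FIPS" (also "# define").
has_fips_define() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+OPENSSL_FIPS([[:space:]]|$)' "$1"
}

# Print the first include directory, in search order, that provides
# openssl/opensslconf.h; this mirrors how -I paths shadow system headers.
first_openssl_include() {
    for dir in "$@"; do
        if [ -f "$dir/openssl/opensslconf.h" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# check_fips_headers PREFIX [FALLBACK_INCLUDE_DIR...]
# Returns: 0  headers under PREFIX define OPENSSL_FIPS
#          2  no OpenSSL headers found anywhere in the search order
#          3  headers come from PREFIX but lack OPENSSL_FIPS
#          4  PREFIX has no headers, so a fallback directory would be used
check_fips_headers() {
    prefix_inc="$1/include"
    shift
    found=$(first_openssl_include "$prefix_inc" "$@") || return 2
    [ "$found" = "$prefix_inc" ] || return 4
    has_fips_define "$found/openssl/opensslconf.h" || return 3
    return 0
}

# Stand-alone use: pass the directory that was given to --with-ssl.
# The two fallback directories below are assumed typical system locations.
if [ "$#" -gt 0 ]; then
    rc=0
    check_fips_headers "$1" /usr/local/include /usr/include || rc=$?
    case $rc in
        0) echo "OK: $1/include defines OPENSSL_FIPS" ;;
        2) echo "No OpenSSL headers found in the search order" ;;
        3) echo "$1/include has OpenSSL headers without OPENSSL_FIPS" ;;
        4) echo "$1/include has no OpenSSL headers; fallback headers would be used" ;;
    esac
    exit "$rc"
fi
```

A result of 3 or 4 means the headers under that prefix would not give mod_ssl the FIPS definitions, which is the situation the reply describes.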
  

Re: Help building FIPS openssl (suitable for apache)

2011-06-11 Thread Dr. Stephen Henson
On Fri, Jun 10, 2011, Sam Theman wrote:

 
 Hello,
 
 First off, I AM trying to follow the FIPS/OPENSSL user guide
 
 What am I doing wrong:
 
 1.)  downloaded fips openssl 1.2.3
 
 2) ./config fipscanisterbuild
 make
 make install
 
 
 3.)   ./config fips  --with-fipslibdir=/usr/local/ssl/fips1.2.3/lib
 make
 make install
 
 
 4) build apache with 
 
  ./configure --prefix=/usr/local/apache2.2.19 
 --with-ssl=/usr/local/ssl/fips1.2.3 --with-mpm=prefork --with-ldap  
 --enable-ssl --enable-dav --enable-dav-fs --enable-dav-lock 
 --enable-authnz-ldap --enable-ldap
 
 
 5. Error:
 
 [root]# ./apachectl start
 Syntax error on line 1 of /usr/local/apache2.2.19/conf/extra/httpd-ssl.conf:
 SSLFIPS invalid, rebuild httpd and openssl compiled for FIPS
 
 

Looks like Apache isn't seeing the correct header files and not including the
appropriate FIPS code. That's an Apache configuration issue and not OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org