> But as I have just read, it seems the Security Policy mandates only the
> "fips" option be supplied to be FIPS140 compliant.
Exactly.
> What about directory directives, such as --prefix, --openssldir,
> --install_prefix ???
The Security Policy mandates only the "fips" option be supplied.
>
I can't even build openssl-fips.1.1.1 if the "shared" option is
specified. I had to remove it as you (Bill) did for the openssl-0.9.7m.
My build host is an oldish Debian (Woody) PowerPC box.
$ uname -a
Linux larabee 2.4.25-powerpc #1 mer avr 14 15:38:38 CEST 2004 ppc unknown
Why does "shared
Sorry for previous post. All worked fine with the shared term removed
from the config line using openssl-0.9.7m.
Steps I used are as follows:
cd /usr/src
tar -xvf openssl-fips-1.1.1.tar.gz
cd openssl-fips-1.1.1
./config fips
make
make install
cd ..
rm -rf openssl-fips-1.1.1
tar -xvf openssl-0.
Dr. Stephen Henson wrote:
> You need a recent 0.9.7 snapshot to use the 1.1.1 FIPS module, no
official
> release supports it yet. There will be an official release "real soon
> now".
I have tried with openssl-0.9.7-stable-SNAP-20070223.tar.gz,
openssl-0.9.7-stable-SNAP-20070222.tar.gz and opens
On Thu, Feb 22, 2007, David Schwartz wrote:
>
> I'm sure I'm doing something stupid. I'm trying to build a FIPS capable
> OpenSSL on a run-of-the-mill Linux box. I build the FIPS canister and
> untarred a fresh distribution of 'openssl-0.9.7l'. I configured it with
> "./config fips no-rc5 n