Blasdel, Jerry wrote:
> I'm not sure if this will help, but we do the following (this is on
> Solaris):
> 1. Build fips canisters from an openssl-fips source (1.1.1 or
> 1.1.2).
> 2. Build a version of openssl and during the configure use
> -with-fipslibdir=(location of the canisters from step 1).
> 3. Build a version of apache and during the configure use
> --with-ssl=${OPENSSL_INSTALL_DIR} (location from step 2).

Keep in mind that merely linking an application with a FIPS-enabled
OpenSSL does NOT automatically give you a result that can be claimed as
FIPS 140-2 compliant. At an absolute minimum you will need to enable
the FIPS mode of operation (see the User Guide for the gory details). In practice additional application
source mods will generally be required. Also check AFS Bugzilla for
some work in that regard going back to 2005; most recently Steve Henson
submitted a patch that includes FIPS mode enabling

-Steve M.

Steve Marquess
Open Source Software Institute

