Blasdel, Jerry wrote:
> I'm not sure if this will help, but we do the following (this is on
> Solaris):
>
> 1. Build fips canisters from an openssl-fips source (1.1.1 or
> 1.1.2).
> 2. Build a version of openssl and during the configure use
> --with-fipslibdir=(location of the canisters from step 1).
> 3. Build a version of apache and during the configure use
> --with-ssl=${OPENSSL_INSTALL_DIR} (location from step 2).
>

Keep in mind that merely linking an application with a FIPS enabled
OpenSSL does NOT automatically give you a result that can be claimed as
FIPS 140-2 compliant. At an absolute minimum you will need to enable
the FIPS mode of operation (see the User Guide for the gory details:
http://www.openssl.org/docs/fips/). In practice additional application
source mods will generally be required. Also check ASF Bugzilla for
some work in that regard going back to 2005; most recently Steve Henson
submitted a patch that includes FIPS mode enabling
(http://mail-archives.apache.org/mod_...g/bugzilla/%3E).

-Steve M.

--
Steve Marquess
Open Source Software Institute
marquess@oss-institute.org

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
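
An added example, not part of the original message or of OpenSSL: a shell check for the distinction drawn in the reply between a FIPS-capable build and one where FIPS mode is actually on. It assumes the `openssl` command of a FIPS-capable build reports a `-fips` suffix in `openssl version` and honours the `OPENSSL_FIPS` environment variable; `fips_state` and its result strings are names made up here.

```shell
#!/bin/sh
# fips_state BIN
# Prints one of:
#   not-capable            BIN is missing or its version string lacks "-fips"
#   enforced-by-default    MD5 is refused even without OPENSSL_FIPS set
#   enforced-on-request    MD5 works by default, refused with OPENSSL_FIPS=1
#   capable-not-enforcing  MD5 still works with OPENSSL_FIPS=1
# MD5 is the probe because it is not a FIPS-approved digest, so a module
# running in FIPS mode has to refuse it.
fips_state() {
    bin=$1
    ver=$("$bin" version 2>/dev/null) || { echo "not-capable"; return 0; }
    case $ver in
        *-fips*) ;;                              # FIPS-capable build
        *) echo "not-capable"; return 0 ;;
    esac
    # Linked against the canister, but is FIPS mode on without being asked?
    if ! printf 'x' | "$bin" md5 >/dev/null 2>&1; then
        echo "enforced-by-default"; return 0
    fi
    # Ask the command to enter FIPS mode and repeat the probe.
    if printf 'x' | OPENSSL_FIPS=1 "$bin" md5 >/dev/null 2>&1; then
        echo "capable-not-enforcing"
    else
        echo "enforced-on-request"
    fi
}

# Stand-alone use: sh fips_state.sh /path/to/bin/openssl
if [ $# -gt 0 ]; then
    fips_state "$1"
fi
```

This exercises only the `openssl` command-line tool; whether Apache itself enters FIPS mode depends on its own source, as the reply says.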