> But as I have just read, it seems the Security Policy mandates only the > "fips" option be supplied to be FIPS140 compliant.
Exactly. > What about directory directives, such as --prefix, --openssldir, > --install_prefix ??? The Security Policy mandates only the "fips" option be supplied. > Having built without the shared option, I notice that only static > libraries are created. But we have applications that have previously > linked with shared libraries. > Are shared libraries supposed to be generated for a fips build? Shared libraries of what? The FIPS container? > I could build without the fips parameter, but I need one of the RSA Key > Gen functions (RSA_X931_generate_keys()) that is encapsulated in a > #ifdef OPENSSL_FIPS statement. > > I guess one solution maybe to use "shared" but not "fips" and supply > "-DOPENSSL_FIPS". > Would that work ??? > > Suggestions welcome :) You need to read the FIPS users guide. http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
