On Sat, Dec 20, 2008, Kyle Hamilton wrote: > The Security Policy is absolutely clear on this point. (If you > haven't read it yet, you MUST, if you want to claim FIPS validation > for whatever you're putting it into.) You can copy it from /usr/local > to whereever you need it, but in that case you also have to edit the > Makefile for OpenSSL to look for fipsld, fips_premain.c, and the > associated files. > > For what it's worth, there are only two ways you can build the > FIPS-validated library on any UNIX-based system, each comprising three > steps. > > Option 1: > ./config fips > make > make install > > Option 2: > ./config fips no-asm > make > make install >
On the 1.2 distribution you need "fipscanisterbuild" and not "fips". The 0.9.8 associated distribution you use "fips" and it is possible to supply alternate locations for the validated module with the --with-fipslibdir option. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
