On Oct 13, 2010, at 5:27 PM, William A. Rowe Jr. wrote:
On 10/13/2010 7:22 PM, Bill Durant wrote:

On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:

I am interested in building the static version of the FIPS-capable OpenSSL as a universal
binary.

Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to
the security policy.

Then it's possible but non-trivial to integrate these three components into
any OpenSSL you would like to invent.

Thanks. That is exactly the approach that I am currently taking (will use lipo(1) to aggregate the FIPS-capable OpenSSL static libs to see if that works)...

That may not be sufficient; can ldfips be modified(?) It's certainly needed to link static to the fips canister. I'd put your energies into building a dylib, which would give you a smidge more flexibility.

I don't know what ldfips will do. I will have to try it to see.
I think creating universal binaries with dylib will be more straightforward, but I would prefer static libs instead in order to guarantee that my app will use the correct libcrypto lib (I am trying not to rely on the dynamic loader to determine which to use -- my lib or the system's lib).

Thanks,

Bill

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
