> > That is present but not actually used by the 2.0 module. Those values will come from > the FIPS capable OpenSSL (1.0.1 and later) the module is used with. > > The 2.0 module itself has separate version numbers which can be retrieved using > FIPS_module_version() and FIPS_module_version_text(). > > Steve.
Steve, I definitely appreciate your time and I might have completely messed this one up, but when compiling OpenVPN, or OpenCA, their builds actually use the bash command line to validate the openssl version, e.g.: [code] ~$ openssl version OpenSSL 1.0.0e 6 Sep 2011 [/code] Or in the version I recompiled for FIPS/Acceptable for build: [code] ~$ openssl version OpenSSL 0.9.8 xx XXX xxxx FIPS Object Module v1.2 [/code] I'll also agree that that's not probably the preferred way of checking at make time, but it's what I have to work with. Although I'm not familiar with the latest version of OpenSSL, I do believe that returns the text value from opensslv.h Here's hoping I'm wrong. In any case, any change during the testing, including one as silly and risk-free as this one is grounds for the certification process to start all over. Changing the text might be something better done now than after the certification Jack D. Pond "Hypocrisy is the homage vice pays to virtue." -- Francois de La Rochefoucauld, 1613-1680 > -----Original Message----- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On > Behalf Of Dr. Stephen Henson > Sent: Thursday, November 03, 2011 1:34 PM > To: openssl-users@openssl.org > Subject: Re: OpenSSL FIPS Module 2.0 status update > > On Thu, Nov 03, 2011, Jack D. Pond wrote: > > > Uh, Steve, > > > > crypto/opensslv.h > > > > #define OPENSSL_VERSION_NUMBER 0x10100000L > > #ifdef OPENSSL_FIPS > > #define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-fips-dev xx XXX xxxx" > > #else > > #define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0-dev xx XXX xxxx" > > #endif > > #define OPENSSL_VERSION_PTEXT " part of " > OPENSSL_VERSION_TEXT > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
