On 22/02/13 11:48, Dr. Stephen Henson wrote:
On Fri, Feb 22, 2013, T J wrote:
On 22/02/13 11:29, Dr. Stephen Henson wrote:
On Fri, Feb 22, 2013, T J wrote:
Does anyone know why this warning is produced when attempting to
call SSL_export_keying_material()?
I have the FIPS module linked in and I notice that the Makefile in
the openssl-fips-2.0 dir contains the line:
OPTIONS= no-asm no-bf no-camellia no-cast no-ec_nistp_64_gcc_128
no-gmp no-idea no-jpake no-krb5 no-md2 no-md5 no-mdc2 no-rc2 no-rc4
no-rc5 no-rfc3779 no-ripemd no-seed no-srp no-ssl2 no-ssl3 no-store
no-tls1 *no-tlsext* no-zlib no-zlib-dynamic no-static-engine
Really? Does this mean I can't use any tls ext functions -
specifically SSL_export_keying_material() - in fips mode?
The FIPS module is *NOT* OpenSSL. It is derived from a version of OpenSSL but
it is a very minimal distribution with only enough present to build
fipscanister.o
Sorry - I wasn't being clear. I'm not linking the FIPS module
directly to my app, I am using a FIPS fips capable OpenSSL (OpenSSL
base + the FIPS module) in FIPS mode. I think I am seeing this error
because OPENSSL_NO_TLSEXT is defined somewhere and the only place I
can see that occurring is in openssl-fips-2.0/Makefile by use of the
no-tlsext switch.
The SSL_export_keying_material function is only present in the unreleased
OpenSSL 1.0.2, were you trying to call it from OpenSSL 1.0.1?
Steve.
Yes. I have OpenSSL 1.0.1c. The prototype is defined in openssl/tls1.h
and it looks like the code is all there in this version...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
