Hello,
I believe I have successfully compiled openvpn on debian , using static openssl
library containing the FIPS compliance module.
However, I have followed this instruction found online:
"Now you should have a FIPS capable OpenSSL (NOTE: OpenSSL itself is not FIPS
validated, only FIPS capable along with the FIPS Object Module). To make
OpenVPN FIPS compliant, you need to add:
#ifdef OPENSSL_FIPS
if(options.no_fips <= 0) {
if(!FIPS_mode_set(1) {
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
exit(1);
}
}
else
fprintf(stderr,"*** IN FIPS MODE ***\n");
#endif
in the file /src/openvpn.c in the OpenVPN source code folder, in the main ()
function at the very bottom on the file, just before the: return
openvpn_main(argc, argv);”
Placing that code into the openvpn.c main function throws the following
compiler error:
openvpn.c: In function ‘main’:
openvpn.c:361:12: error: ‘options’ undeclared (first use in this function)
if(options.no_fips <= 0) {
^
openvpn.c:361:12: note: each undeclared identifier is reported only once for
each function it appears in
openvpn.c:362:38: error: expected ‘)’ before ‘{’ token
if(!FIPS_mode_set(1) {
^
openvpn.c:368:8: error: expected expression before ‘}’ token
}
^
Makefile:627: recipe for target 'openvpn.o’ failed
Please pardon my ignorance. My goal is to get FIPS compliance and to be able to
confirm it, but I have not been able to find a good tutorial on how to do this.
