Hi

On Thu, Jan 07, 2016 at 02:57:34PM -0800, Kevin Long wrote:
>
> I believe I have successfully compiled openvpn on debian, using static
> openssl library containing the FIPS compliance module.
>
> However, I have followed this instruction found online:
>
> "Now you should have a FIPS capable OpenSSL (NOTE: OpenSSL itself is not FIPS
> validated, only FIPS capable along with the FIPS Object Module). To make
> OpenVPN FIPS compliant, you need to add:
>
> #ifdef OPENSSL_FIPS
> if(options.no_fips <= 0) {
>     if(!FIPS_mode_set(1) {
>         ERR_load_crypto_strings();
>         ERR_print_errors_fp(stderr);
>         exit(1);
>
>     }
> }
> else
>     fprintf(stderr,"*** IN FIPS MODE ***\n");
> #endif

I'm not sure where this is coming from (it's not something I've seen before) but it is at least broken C code - the "if (!FIPS_mode_set(1)" line is missing a closing bracket - and it is based on patches to options.c and options.h that are missing - as you've noticed, there is no "no_fips" field in the "options" structure (and, at this place in the code, there is not even an "options" variable around).

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
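
Added example, not part of the original message and not OpenVPN code: a self-contained C version of the quoted snippet with the closing parenthesis restored and the "IN FIPS MODE" message moved to the success path, so it is printed only when FIPS_mode_set(1) actually succeeded. The names try_enable_fips, its no_fips parameter and the FM_* result codes are hypothetical; the block assumes a FIPS-capable OpenSSL 1.0.x build that defines OPENSSL_FIPS in opensslconf.h and returns FM_NOT_BUILT on any other library.

```c
#include <stdio.h>

/* Pull in OpenSSL's build configuration only when the headers are installed.
 * Assumption: a FIPS-capable 1.0.x build defines OPENSSL_FIPS there. */
#ifdef __has_include
#  if __has_include(<openssl/opensslconf.h>)
#    include <openssl/opensslconf.h>
#  endif
#endif
#ifdef OPENSSL_FIPS
#  include <openssl/crypto.h>
#  include <openssl/err.h>
#endif

/* Hypothetical result codes for this example. */
enum fips_mode_result {
    FM_ON,          /* FIPS_mode_set(1) succeeded */
    FM_FAILED,      /* FIPS_mode_set(1) failed, error queue printed */
    FM_OPTED_OUT,   /* caller disabled FIPS via no_fips */
    FM_NOT_BUILT    /* library was not built FIPS capable */
};

/* no_fips is a hypothetical flag standing in for the quoted options.no_fips,
 * which does not exist in OpenVPN's options structure. */
enum fips_mode_result try_enable_fips(int no_fips)
{
    if (no_fips > 0)
        return FM_OPTED_OUT;
#ifdef OPENSSL_FIPS
    if (!FIPS_mode_set(1)) {            /* parenthesis restored */
        ERR_load_crypto_strings();
        ERR_print_errors_fp(stderr);
        return FM_FAILED;               /* caller decides whether to exit */
    }
    fprintf(stderr, "*** IN FIPS MODE ***\n");  /* reached only on success */
    return FM_ON;
#else
    return FM_NOT_BUILT;
#endif
}

int main(void)
{
    /* Fail closed: refuse to continue unless FIPS mode is really active. */
    enum fips_mode_result r = try_enable_fips(0);
    if (r != FM_ON)
        fprintf(stderr, "FIPS mode not active (result %d)\n", (int)r);
    return r == FM_ON ? 0 : 1;
}
```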