Posted to dev@httpd.apache.org by Petr Hracek <ph...@gmail.com> on 2011/06/03 16:51:28 UTC
Succeed compilation with FIPS
Dear developers,
I have tried to find out on the web what is the correct way
how to compile http2 so that it will be compliant with FIPS 140-2.
I have already built up OpenSSL libraries with FIPS and development
files as well.
I have tried to run ./configure --with-ssl=<path_to_openSSL_FIPS_libraries>
and it seems to be good but how can I call make?
like: make CC=fipsld FIPSLD_CC=gcc ?
Thank you in advance
--
Best Regards / S pozdravem
Petr Hracek
Re: Succeed compilation with FIPS
Posted by Andrew Punch <an...@247realmedia.com>.
Hi,
Typically you would provide the required environment variables to
configure.
e.g. ./configure --with-ssl=<path_to_openSSL_FIPS_libraries> CC=fipsld FIPSLD_CC=gcc
Sometimes you might need to specify the environment variables before
configure or make, for example:
CC=fipsld FIPSLD_CC=gcc ./configure --with-ssl=<path_to_openSSL_FIPS_libraries>
-Andrew
On Fri, 2011-06-03 at 14:51 +0000, Petr Hracek wrote:
> Dear developers,
>
> I have tried to find out on the web what is the correct way
> how to compile http2 so that it will be compliant with FIPS 140-2.
>
> I have already built up OpenSSL libraries with FIPS and development
> files as well.
> I have tried to run ./configure --with-ssl=<path_to_openSSL_FIPS_libraries>
> and it seems to be good but how can I call make?
>
> like: make CC=fipsld FIPSLD_CC=gcc ?
>
> thank you in advance
>
Re: Succeed compilation with FIPS
Posted by Dr Stephen Henson <sh...@oss-institute.org>.
On 03/06/2011 15:51, Petr Hracek wrote:
> Dear developers,
>
> I have tried to find out on the web what is the correct way
> how to compile http2 so that it will be compliant with FIPS 140-2.
>
> I have already built up OpenSSL libraries with FIPS and development
> files as well.
> I have tried to run ./configure --with-ssl=<path_to_openSSL_FIPS_libraries>
> and it seems to be good but how can I call make?
>
> like: make CC=fipsld FIPSLD_CC=gcc ?
>
If you are linking to the OpenSSL shared libraries you don't need to do anything
special at all. It is only if you do a static build that you need to use the
fipsld script.
You can test the build by enabling FIPS mode in the configuration file: the log
file should confirm it is in FIPS mode. In that mode you shouldn't be able to
connect with a non-FIPS ciphersuite such as one including RC4.
Note that just compiling and enabling FIPS mode doesn't guarantee compliance:
you also need to adhere to the requirements of the security policy.
Steve.
--
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org
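
The three checks described in the reply above (shared vs. static linkage, the FIPS notice in the log, and refusal of an RC4 ciphersuite), as an added example that is not part of the original thread. Assumptions: the log notice text "Operating in SSL FIPS mode", the function names, and all sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# 1. Linkage: reads `ldd <httpd or mod_ssl.so>` output on stdin.
#    "shared" means libssl/libcrypto are shared objects, so fipsld is not
#    needed; anything else points at a static build (or no OpenSSL at all).
ssl_linkage() {
    if grep -Eq '^[[:space:]]*lib(ssl|crypto)\.so[^ ]* => '; then
        echo shared
    else
        echo static-or-none
    fi
}

# 2. Log: reads the server error log on stdin and looks for the FIPS notice.
#    The notice text is an assumption; adjust it to what your build logs.
fips_log_state() {
    if grep -q 'Operating in SSL FIPS mode'; then echo on; else echo unconfirmed; fi
}

# 3a. Reads `openssl s_client` output on stdin; "accepted" if the negotiated
#     suite contains RC4, "refused" if no RC4 suite was agreed.
rc4_negotiated() {
    if grep -Eq 'Cipher is [^ ]*RC4'; then echo accepted; else echo refused; fi
}

# 3b. Live check against host:port ($1). The local openssl must itself
#     support RC4, otherwise the result says nothing about the server.
#     An unreachable server also prints "refused": confirm it is up first.
rc4_check() {
    openssl ciphers RC4 >/dev/null 2>&1 || { echo client-lacks-rc4; return 2; }
    openssl s_client -connect "$1" -cipher RC4 </dev/null 2>/dev/null | rc4_negotiated
}

# Constructed sample inputs.
SAMPLE_LDD=$(printf '\tlibssl.so.1.0.0 => /opt/fips/lib/libssl.so.1.0.0 (0x00007f10)\n\tlibc.so.6 => /lib/libc.so.6 (0x00007f00)')
SAMPLE_LOG='[Fri Jun 03 17:02:11 2011] [notice] Operating in SSL FIPS mode'
SAMPLE_HANDSHAKE='New, (NONE), Cipher is (NONE)'

echo "linkage:  $(printf '%s\n' "$SAMPLE_LDD" | ssl_linkage)"
echo "fips log: $(printf '%s\n' "$SAMPLE_LOG" | fips_log_state)"
echo "rc4:      $(printf '%s\n' "$SAMPLE_HANDSHAKE" | rc4_negotiated)"
```

A passing result on all three still only shows the build is operating in FIPS mode; as the reply notes, compliance also depends on the security policy.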