The 'make depend' regenerates the dependencies for the makefiles. The dependencies will change depending on the configuration options you've passed to OpenSSL. If you're new to using GNU make, here's a decent explanation:

http://make.mad-scientist.net/papers/advanced-auto-dependency-generation/

Your second question reflects a problem in the test/testssl script. This script is largely unaware of most configuration options (e.g. no-ssl3). This script is attempting to run the SSL3 unit tests even though you have omitted support for SSL3 in the library. You may want to open a bug in the OpenSSL request tracker (https://www.openssl.org/support/rt.html).

On 03/27/2015 03:14 PM, Lesley Kimmel wrote:
> All;
>
> I'm an administrator/engineer responsible for compiling Apache with
> OpenSSL supporting FIPS mode. I've got a good process down that
> generally works. However, I am looking for a little help on some
> details because I am not a developer and am not about digging through
> the source code to figure out these issues.
>
> a) I don't typically run 'make depend' and things seem to work.
> However, the OpenSSL compile wiki directs to run this command. What
> will this do for me?
> b) I know that I can disable SSLv2 and SSLv3 via Apache itself but I
> see that there are options (no-ssl2, no-ssl3) that can be used during
> compilation of OpenSSL which will presumably disable them altogether.
> However, when compiling this way the 'make test' always fails with
> some useless error. For example, when compiling just with 'no-ssl2' I
> get the following:
>
> ../util/shlib_wrap.sh ./evp_extra_test
> PASS
> test SSL protocol
> test ssl3 is forbidden in FIPS mode
> *** IN FIPS MODE ***
> Available compression methods:
> NONE
> 139934033385128:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1716:
> 139934033385128:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1716:
> test ssl2 is forbidden in FIPS mode
> Testing was requested for a disabled protocol. Skipping tests.
> make[1]: *** [test_ssl] Error 1
> make[1]: Leaving directory `/opt/apache_stage/httpd/srclib/openssl/test'
> make: *** [tests] Error 2
>
> Is this expected behavior? Is there any way to disable SSLv2/3 while
> still passing the tests? I feel that passing the tests is pretty
> important to my confidence in the final product.
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
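
The reply above says test/testssl is unaware of options such as no-ssl3. As an added example (not part of the thread and not OpenSSL's own test code), a wrapper can read the `OPENSSL_NO_*` defines that a `no-ssl2 no-ssl3` build writes into its generated opensslconf.h and skip tests for protocols that were compiled out. The header content, function names and protocol list are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan protocol tests from the build's own opensslconf.h
# instead of assuming every protocol was compiled in.

# Constructed sample resembling the defines a "no-ssl2 no-ssl3" build emits.
sample_conf() {
cat <<'EOF'
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
#ifndef OPENSSL_NO_SSL3
# define OPENSSL_NO_SSL3
#endif
#ifndef OPENSSL_NO_MD2
# define OPENSSL_NO_MD2
#endif
EOF
}

# Read a header on stdin and print the disabled feature names in lowercase,
# one per line (e.g. "ssl2"). Only "# define OPENSSL_NO_<NAME>" lines match.
disabled_features() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_NO_\([A-Za-z0-9_]*\).*$/\1/p' \
        | tr '[:upper:]' '[:lower:]' | sort -u
}

# protocol_enabled <proto> <header-file>: exit 0 if the protocol is compiled in.
protocol_enabled() {
    if disabled_features < "$2" | grep -x "$1" >/dev/null; then
        return 1
    fi
    return 0
}

# plan_tests <header-file>: print "run <proto>" or "skip <proto>" per protocol.
# The protocol list is an assumption for this example.
plan_tests() {
    for proto in ssl2 ssl3 tls1; do
        if protocol_enabled "$proto" "$1"; then
            echo "run $proto"
        else
            echo "skip $proto"
        fi
    done
}
```

Pointing `plan_tests` at the opensslconf.h of the tree actually being built shows which protocol tests are meaningful for that configuration before `make test` is run.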