|
Hi Mark, I guess your problem is that you are trying to build OpenSSL
1.1.0 with FIPS. Only OpenSSL 1.0.2 has FIPS support. Regards, Matthias Von: openssl-users <openssl-users-bounces@xxxxxxxxxxx>
Im Auftrag von Mark via openssl-users I'm trying to build OpenSSL with FIPS module in a centos docker container. The FIPS module builds fine but the openssl build fails with: _USE_NODELETE -MMD -MF crypto/err/err_all.d.tmp -MT crypto/err/err_all.o -c -o crypto/err/err_all.o crypto/err/err_all.c crypto/err/err_all.c: In function 'err_load_crypto_strings_int': crypto/err/err_all.c:47:9: error: void value not ignored as it ought to be FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || ^ crypto/err/err_all.c:95:9: error: void value not ignored as it ought to be ERR_load_FIPS_strings() == 0 || ^ make[1]: Leaving directory `/tmp/openssl-1.1.0i' The relevant parts of my dockerfile are: ENV PREFIX=/usr/local ENV FIPSVER=2.0.16 ENV SSLVER=1.1.0i ENV OPENSSLDIR=${PREFIX}/ssl ENV FIPSDIR="${OPENSSLDIR}/fips-2.0" ENV CFLAGS="-m64 -fPIC" ENV LDFLAGS="-m64 -fPIC -L${PREFIX}/lib64" ENV CC=gcc ENV CXX=g++ ENV SSL_CONFIG="fips -DSSL_ALLOW_ADH -fPIC -I/usr/local/ssl/fips-2.0/include shared zlib" # Custom FIPS enabled SSL ADD ssl/openssl-fips-${FIPSVER}.tar.gz /tmp WORKDIR /tmp/openssl-fips-${FIPSVER} RUN ./config --prefix=${FIPSDIR} RUN make RUN make install
ADD ssl/openssl-${SSLVER}.tar.gz /tmp WORKDIR /tmp/openssl-${SSLVER} RUN ./Configure \ --prefix=${OPENSSLDIR} \ --openssldir=${OPENSSLDIR} \ ${SSL_CONFIG} linux-x86_64
RUN make RUN make test RUN make install Any help would be appreciated. -Mark |
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
