<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
The 'make depend' regenerates the dependencies for the makefiles.
The dependencies will change depending on the configuration options
you've passed to OpenSSL. If you're new to using GNU make, here's a
decent explanation:<br>
<br>
<a class="moz-txt-link-freetext" href="http://make.mad-scientist.net/papers/advanced-auto-dependency-generation/">http://make.mad-scientist.net/papers/advanced-auto-dependency-generation/</a><br>
<br>
Your second question reflects a problem in the test/testssl script.
This script is largely unaware of most configuration options (e.g.
no-ssl3). This script is attempting to run the SSL3 unit tests even
though you have omitted support for SSL3 in the library. You may
want to open a bug in the OpenSSL request tracker
(<a class="moz-txt-link-freetext" href="https://www.openssl.org/support/rt.html">https://www.openssl.org/support/rt.html</a>).<br>
<br>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 03/27/2015 03:14 PM, Lesley Kimmel
wrote:<br>
</div>
<blockquote cite="mid:SNT147-W3891D5BCC9CA465D4F301C2090@phx.gbl"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">All;<br>
<br>
I'm an administrator/engineer responsible for compiling Apache
with OpenSSL supporting FIPS mode. I've got a good process down
that generally works. However, I am looking for a little help on
some details because I am not a developer and am not about
digging through the source code to figure out these issues.<br>
<br>
a) I don't typically run 'make depend' and things seem to work.
However, the OpenSSL compile wiki directs to run this command.
What will this do for me?<br>
b) I know that I can disable SSLv2 and SSLv3 via Apache itself
but I see that there are options (no-ssl2, no-ssl3) that can be
used during compilation of OpenSSL which will presumably disable
them altogether. However, when compiling this way the 'make
test' always fails with some useless error. For example, when
compiling just with 'no-ssl2' I get the following:<br>
<br>
../util/shlib_wrap.sh ./evp_extra_test<br>
PASS<br>
test SSL protocol<br>
test ssl3 is forbidden in FIPS mode<br>
*** IN FIPS MODE ***<br>
Available compression methods:<br>
NONE<br>
139934033385128:error:140A9129:SSL routines:SSL_CTX_new:only tls
allowed in fips mode:ssl_lib.c:1716:<br>
139934033385128:error:140A9129:SSL routines:SSL_CTX_new:only tls
allowed in fips mode:ssl_lib.c:1716:<br>
test ssl2 is forbidden in FIPS mode<br>
Testing was requested for a disabled protocol. Skipping tests.<br>
make[1]: *** [test_ssl] Error 1<br>
make[1]: Leaving directory
`/opt/apache_stage/httpd/srclib/openssl/test'<br>
make: *** [tests] Error 2<br>
<br>
Is this expected behavior? Is there any way to disable SSLv2/3
while still passing the tests? I feel that passing the tests is
pretty important to my confidence in the final product.<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
openssl-users mailing list
To unsubscribe: <a class="moz-txt-link-freetext" href="https://mta.openssl.org/mailman/listinfo/openssl-users">https://mta.openssl.org/mailman/listinfo/openssl-users</a>
</pre>
</blockquote>
<br>
</body>
</html>