[openssl-dev] OpenSSL 1.0.2g - make test fails with FIPS -- regression from 1.0.2f
Brad House
brad at monetra.com
Tue Mar 1 18:09:36 UTC 2016
It appears OpenSSL 1.0.2g introduced a regression when attempting to run
'make test' on a fips-enabled build on linux. When compiling without FIPS, the
tests pass as expected. However, with fips turned on, "make test" fails
when trying to use ssl2 it appears. Running 'make test' is a fairly
standard practice to try to ensure there were no unexpected failures on
a given platform.
1.0.2f is unaffected, as is 1.0.1r. However, 1.0.1s is also impacted.
Here's the last bit from the failure:
../util/shlib_wrap.sh ./evp_extra_test
PASS
test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
NONE
47614155012464:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1877:
47614155012464:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1877:
test ssl2 is forbidden in FIPS mode
Testing was requested for a disabled protocol. Skipping tests.
gmake[1]: *** [test_ssl] Error 1
gmake[1]: Leaving directory `/home/bhouse/tmp/openssl-1.0.2g/test'
gmake: *** [tests] Error 2
-Brad
More information about the openssl-dev
mailing list