[openssl-dev] Test script failing for OpenSSL-1.0.1s when built as FIPS Capable
Carl Tietjen
Carl.Tietjen at microfocus.com
Tue Mar 1 18:00:49 UTC 2016
Hello,
I have run into a problem when I am build OpenSSL-1.0.1s as FIPS Capable. The problem is that the test script is failing. I believe that this maybe because of different behavior in the tests now that the "no-ssl2" flag has been added to the OPTIONS (i.e. SSLv2 has been disabled in OpenSSL, but not in the tests).
Details below.
Any help would be appreciated.
Thanks,
Carl Tietjen
Micofocus
Problem: "make test" is failing because of change to disable SSLv2
Version: openssl-1.0.1s
FIPS Module: openssl-fips-ecp-2.0.11
Error message:
...
test ssl2 is forbidden in FIPS mode
Testing was requested for a disabled protocol. Skipping tests.
make[1]: *** [test_ssl] Error 1
make[1]: Leaving directory `/root/FIPS_1.0.1s/openssl-1.0.1s/test'
make: *** [tests] Error 2
Make test failed
________________________
Old messages (i.e. from OpenSSL-1.0.1r build):
...
test ssl2 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
NONE
140038414411432:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1720:
140038414411432:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1720:
test tls1
...
More information about the openssl-dev
mailing list