Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C68EBD066 for ; Thu, 10 Jan 2013 21:05:44 +0000 (UTC) Received: (qmail 54492 invoked by uid 500); 10 Jan 2013 21:05:41 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 54431 invoked by uid 500); 10 Jan 2013 21:05:41 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 54423 invoked by uid 99); 10 Jan 2013 21:05:41 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Jan 2013 21:05:41 +0000 X-ASF-Spam-Status: No, hits=0.8 required=5.0 tests=HTML_FONT_FACE_BAD,HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_NEUTRAL,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [216.82.255.50] (HELO mail1.bemta7.messagelabs.com) (216.82.255.50) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Jan 2013 21:05:30 +0000 Received: from [216.82.253.227:28704] by server-15.bemta-7.messagelabs.com id A1/7A-27565-40D2FE05; Thu, 10 Jan 2013 21:05:08 +0000 X-Env-Sender: jblasdel@csc.com X-Msg-Ref: server-15.tower-170.messagelabs.com!1357851905!25254052!1 X-Originating-IP: [20.137.2.88] X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10393 invoked from network); 10 Jan 2013 21:05:06 -0000 Received: from amer-mta102.csc.com (HELO amer-mta102.csc.com) (20.137.2.88) by server-15.tower-170.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 10 Jan 2013 21:05:06 -0000 Received: from amer-gw09.amer.csc.com (amer-gw09.amer.csc.com [20.6.39.245]) by amer-mta102.csc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id r0AL5589000534 for ; Thu, 10 Jan 2013 16:05:05 -0500 In-Reply-To: References: To: Jerry Blasdel Cc: users@httpd.apache.org MIME-Version: 1.0 X-KeepSent: AE95A73B:C587407C-86257AEF:00738F13; type=4; name=$KeepSent X-Mailer: Lotus Notes Release 8.5.2FP3 SHF97 September 16, 2011 From: Jerry Blasdel Message-ID: Date: Thu, 10 Jan 2013 15:05:03 -0600 X-MIMETrack: Serialize by Router on AMER-GW09/SRV/CSC(Release 8.5.2FP3 HF204|September 20, 2011) at 01/10/2013 04:00:06 PM, Serialize complete at 01/10/2013 04:00:06 PM Content-Type: multipart/alternative; boundary="=_alternative 0073D16086257AEF_=" X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Re: Compiling Apache httpd 2.4 with FIPS capable OpenSSL on Solaris --=_alternative 0073D16086257AEF_= Content-Type: text/plain; charset="US-ASCII" My issue has been resolved. In my case I was statically linking the OpenSSL so I needed to do the following before calling httpd configure: export CC=fipsld export FIPSLD_CC=gcc This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: Jerry Blasdel/USA/CSC To: users@httpd.apache.org Date: 01/09/2013 11:00 AM Subject: Compiling Apache httpd 2.4 with FIPS capable OpenSSL on Solaris We are trying to get an Apache 2,4 HTTPD executable created from a Fips-capable OpenSSL on Solaris. After building and running the tests on fips-2 and OpenSSL 1.0.1c we build Apache and when we try to start it up we get the following in the error_log: [Wed Jan 09 16:21:30.066478 2013] [ssl:emerg] [pid 23726:tid 1] SSL Library Error: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match [Wed Jan 09 16:21:30.066487 2013] [ssl:emerg] [pid 23726:tid 1] AH02312: Fatal error initialising mod_ssl, exiting. Can anyone please provide me a place to start looking for a resolution? Thanks in advance --=_alternative 0073D16086257AEF_= Content-Type: text/html; charset="US-ASCII" My issue has been resolved.  In my case I was statically linking the OpenSSL so I needed to do the following before calling httpd configure:

export CC=fipsld
export FIPSLD_CC=gcc



This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.



From:        Jerry Blasdel/USA/CSC
To:        users@httpd.apache.org
Date:        01/09/2013 11:00 AM
Subject:        Compiling Apache httpd 2.4 with FIPS capable OpenSSL on Solaris


We are trying to get  an Apache 2,4 HTTPD executable created from a Fips-capable OpenSSL on Solaris.

After building and running the tests on fips-2  and OpenSSL 1.0.1c we build Apache and when we try to start it up we get the following in the error_log:

[Wed Jan 09 16:21:30.066478 2013] [ssl:emerg] [pid 23726:tid 1] SSL Library Error: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match
[Wed Jan 09 16:21:30.066487 2013] [ssl:emerg] [pid 23726:tid 1] AH02312: Fatal error initialising mod_ssl, exiting.

Can anyone please provide me a place to start looking for a resolution?

Thanks in advance
--=_alternative 0073D16086257AEF_=--