[gnutls-help] make check errors in system running FIPS mode
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Sep 22 08:24:00 CEST 2015
On Mon, Sep 21, 2015 at 5:27 PM, jonetsu <jonetsu at teksavvy.com> wrote:
> Hello,
> A large number of failures are reported during the tests when they are done with the kernel being in FIPS mode and the file /etc/system-fips exists. The same compile done without these two does not report any error.
> Is there a setup to be made to run these tests when in FIPS mode ? Does this involve the DNSSEC warning shown at the end of the configure script ?
In FIPS140-2 mode the library must have integrity tests, and if these
are not present it will fail to load. You may use the environment
variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS (set to 1), to skip these
tests.
regards,
Nikos
More information about the Gnutls-help
mailing list