Issue #6946 has been updated by MartinBosslet (Martin Bosslet). I'm sorry for not responding earlier. The problem is that I simply can't get a FIPS version of OpenSSL linked with Ruby OpenSSL to complete this task. I'm trying OpenSSL 1.0.1c and openssl-fips-2.0.2. I can compile my 1.0.1c using the FIPS canister, and I also verified that FIPS mode is working correctly. The problem is now linking the Ruby OpenSSL extension against it. I'm supposed to include /usr/local/ssl/fips-2.0/bin/ in $PATH and then to compile using make CC=fipsld FIPSLD_CC=gcc On my 32 bit Linux machine this gives me a segfault during the linking phase and on my 64 bit machine I get: linking shared-object openssl.so /usr/bin/ld: /tmp/cc1Oph68.o: relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC /tmp/cc1Oph68.o: could not read symbols: Bad value collect2: ld returned 1 exit status make: *** [openssl.so] Error 1 I checked, both the FIPS canister as well as OpenSSL were compiled using -fPIC, and -fPIC is also part of the CFLAGS in the Makefile generated for the OpenSSL extension. Ruby itself was compiled using -fPIC, too. The OpenSSL C library was linked statically (libcrypto.a & libssl.a). gcc version is gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) I'd appreciate any help, I'm really stuck here. Has anyone got an idea what I do wrong or has anyone had success in linking Ruby OpenSSL to a FIPS version of native OpenSSL? ---------------------------------------- Feature #6946: FIPS support? https://bugs.ruby-lang.org/issues/6946#change-34840 Author: vo.x (Vit Ondruch) Status: Assigned Priority: Normal Assignee: MartinBosslet (Martin Bosslet) Category: ext Target version: next minor =begin Hi, running the test suite on FIPS enabled system using $ find test/ -type f -name test_*.rb -exec make test-all TESTS="-v '{}'" \; command with patch from #6938 applied, it gives me a plenty of errors (see attached output.txt file). There are two kind of errors as far as I understand, some are more or less test suite errors (e.g. #6938), which should be easy to fix, while some others (e.g. #6943) would need bigger changes. Is there any chance that Ruby will provide better support for FIPS and there errors get fixed? =end -- http://bugs.ruby-lang.org/