[gnutls-help] make check errors in system running FIPS mode

jonetsu jonetsu at teksavvy.com
Tue Sep 22 15:51:33 CEST 2015

> From: "Nikos Mavrogiannopoulos" <nmav at gnutls.org> 
> Date: 09/22/15 02:24 

> In FIPS140-2 mode the library must have integrity tests, and if these
> are not present it will fail to load. You may use the environment
> variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS (set to 1), to skip these
> tests.

Thanks. OTOH, the interest is to have the test succeed.  I have looked into the INSTALL file and the user guide but did not find anything about running integrity tests, howto setup for them, etc.  In fips-test.c there is a mention:

"Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");

How are these integrity tests run ?  Is there documentation about them ?


More information about the Gnutls-help mailing list