From: jaruga@... Date: 2018-11-07T16:00:49+00:00 Subject: [ruby-core:89751] [Ruby trunk Feature#6946] FIPS support? Issue #6946 has been updated by jaruga (Jun Aruga). @rhenium I think we can close this ticket. Thanks for reminding us. I do not see the issue on the fips mode. I could pass the tests of trunk ruby with openssl 1.0.2 fips mode. Right now the OpenSSL 1.1.1 does not support the building with fips mode. But next release of OpenSSL 1.1 might support it. [1] To keep green for the case of fips mode, and to prepare the future's release of OpenSSL 1.1 to support it, I proposed to add a case of OpenSSL 1.0.2 with fips mode to Travis CI or RubyCI or ruby/openssl. [2] Or if we might create VM on RubyCI. I found the way for Fedora [3]. But I could not find for Ubuntu [4] [1] https://github.com/openssl/openssl/issues/7582 [2] https://github.com/ruby/ruby/pull/2007 [3] https://www.dogtagpki.org/wiki/Enabling_FIPS_Mode_on_Fedora [4] https://blog.ubuntu.com/2017/12/13/fips-140-2-certified-modules-for-ubuntu-16-04-lts ---------------------------------------- Feature #6946: FIPS support? https://bugs.ruby-lang.org/issues/6946#change-74795 * Author: vo.x (Vit Ondruch) * Status: Open * Priority: Normal * Assignee: * Target version: ---------------------------------------- =begin Hi, running the test suite on FIPS enabled system using $ find test/ -type f -name test_*.rb -exec make test-all TESTS="-v '{}'" \; command with patch from #6938 applied, it gives me a plenty of errors (see attached output.txt file). There are two kind of errors as far as I understand, some are more or less test suite errors (e.g. #6938), which should be easy to fix, while some others (e.g. #6943) would need bigger changes. Is there any chance that Ruby will provide better support for FIPS and there errors get fixed? =end ---Files-------------------------------- output.txt (114 KB) output-r36887.txt (48.6 KB) output-r38509.txt (44.3 KB) output-200p353.txt (39.5 KB) output-210p0.txt (473 KB) output-230p0.txt (17 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: