From 0f68377f69823dd470fdb1ae90287c2ea4f8f404 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Mon, 1 Jun 2015 23:49:43 +0200 Subject: crypto: support FIPS mode of OpenSSL Support building and running with FIPS-compliant OpenSSL. The process is following: 1. Download and verify `openssl-fips-x.x.x.tar.gz` from https://www.openssl.org/source/ 2. Extract source to `openssl-fips` folder 3. ``cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out`` (NOTE: On OS X, you may want to run ``./Configure darwin64-x86_64-cc --prefix=`pwd`/out`` if you are going to build x64-mode io.js) 4. `make -j && make install` 5. Get into io.js checkout folder 6. `./configure --openssl-fips=/path/to/openssl-fips/out` 7. Build io.js with `make -j` 8. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`) Fix: https://github.com/joyent/node/issues/25463 PR-URL: https://github.com/nodejs/io.js/pull/1890 Reviewed-By: Rod Vagg Reviewed-By: Shigeki Ohtsu --- README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 9b7f5b0f17..91215810ad 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ + io.js ===== @@ -249,6 +250,28 @@ as `deps/icu` (You'll have: `deps/icu/source/...`) > vcbuild full-icu ``` +# Building io.js with FIPS-compliant OpenSSL + +NOTE: Windows is not yet supported + +It is possible to build io.js with +[OpenSSL FIPS module](https://www.openssl.org/docs/fips/fipsnotes.html). + +Instructions: + +1. Download and verify `openssl-fips-x.x.x.tar.gz` from + https://www.openssl.org/source/ +2. Extract source to `openssl-fips` folder +3. ``cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out`` + (NOTE: On OS X, you may want to run + ``./Configure darwin64-x86_64-cc --prefix=`pwd`/out`` if you are going to + build x64-mode io.js) +4. `make -j && make install` +5. Get into io.js checkout folder +6. `./configure --openssl-fips=/path/to/openssl-fips/out` +7. Build io.js with `make -j` +8. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`) + ## Resources for Newcomers * [CONTRIBUTING.md](./CONTRIBUTING.md) -- cgit v1.2.1